OTP/MFA Implementation

Is there any news on the progress of OTP For Login validation - BIZ / BIZ Feature Requests - TMS Support Center (tmssoftware.com)?

Our clients are asking us for the use of authenticator apps. We have implemented this for our non-Sphinx apps, but it would be great to be able to do this here.

Not yet, but it's high in our priority list. We will implement it as soon as we can. Sorry about that.

1 Like

MFA is now a requirement for all users of online systems to comply with the the latest version of the UK's Cyber Essentials so would be create if this could be implemented

By the way, the email that Sphinx already provides (which can also be used to send an SMS) is already sufficient for UK Cyber Essentials. Obviously people want the authenticator stuff, but to get signed off for certification you can use what is there.

@wlandgraf while you are at it, this seems to be all the rage FIDO2 - FIDO Alliance

@Weetch_Russell that is on our radar as well. Actually, more specifically the Webauthn standard, is that what you are looking for? A new feature request could be created so we can track. Both will be implemented.

1 Like

Thanks @wlandgraf I have added a feature request for that, plus another one for Sphinx MFA management.

1 Like

Has the WebAuthn standard made it to your roadmap yet?

Definitely in the list of things that we will do. We don't have a timeframe yet, though.

1 Like

Just wanted to register my interest for this.

BTW, with email already there for the email confirmation, can it be easily made to send OTP codes on user signon even now?

There is an event in the SphinxServer for sending OTP code by email (or you could use SMS).

You mean OnGenerateEmailConfirmationToken? - it's only used for email validation. I need Sphinx to be able to also do OTP as part of signon, i.e.: prompt for the name, password and then email OTP and prompt for it, before the signon is complete, as a 2nd factor authentication.