[IGN-2654] Gateway Multi Factor Authentication

Is there any way to have multi factor authentication for gateway?

If not, any other way to secure the gateway when that server has a public IP address?
Other than the Ignition login with the proper roles to access the gateway.

As of Ignition 8.1 you can use a third-party identity provider for gateway authentication. Many third party IdPs allow you to require 2FA.

We may eventually add support first-party, but no timeline on that.

We are planning on using Igniton as the user source and identity provider so we wouldn’t have to pay for anything extra.

That said, if there is a free source out there for this or a very low cost one the that’s something we would consider. This will only be used for gateway authentication and only a few (less than 5) will need to get into the gateway web page.

To confirm, you can have the gateway and designer login use an external identity provider, then the perspective sessions could then use the ignition user source as the identity provider?

Correct, there’s a ‘System’ user source property that’s used for the gateway and designer, then each project can independently use a particular identity provider.

What does the [IGN-2654] mean exactly?

It’s a reference to the issue number in our internal system.

If that capability is not there, wouldn’t it be a new feature request, not a issue?

It’s all the same ‘issue tracker’, whether it’s a bug, feature, refactor, etc. It’s just an internal detail for us so we don’t lose track of this thread registering demand for the feature.

Can it be found here https://ideas.inductiveautomation.com/ignition-features-and-ideas?sort=new

No, that’s yet another tracker. We have one ‘main’ internal-only system with no public view. All actual work we do is based on that tracker. The forum and the ideas portal are separate; we manually set up links between internal issues and forum/ideas threads.