Most secure authentication?

With SSO being disabled, what is the most secure authentication that Ignition supports now?

The most secure authentication is to use an IdP with two factors, with gateway SSL enabled and force-redirect turned on.

SSO, when enabled, has always been the least secure authentication method. Your question implies the opposite, which is simply bogus, because it assumes that the person who logged into the OS at a computer is the same person accessing Ignition. SSO is a low-security crutch offered to placate personnel who would demand no authentication at all if they could.

2 Likes

Thank you for the reply!

I am sure there is a doc for this setup but all I find are only for SSO/MFA setup. Can you provide a step by step or some direction? I have Duo setup to authenticate with Entra ID and the gateway does have a SSL. That was solely due to only finding that type of document.

Any direction would be appreciated.

It's all here in the documentation:

Note that Ignition does NOT provide a native IdP with multi-factor authentication. It supports using OpenID or SAML external Identity Providers that have that functionality.

1 Like

I have been working on this most of the day. I have tried OpenID and SAML using Duo. I have been unsuccessful.

Can I get more help on how to setup using an IdP with two factors?

I haven't had to do this myself. Have you opened a support ticket? (This forum is not support.)

Yes, I do have a ticket open and have been chatting with them as well.