nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
- SolarWinds Academy
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Two Factor authentication

jgeorge_qwest

Can NPM comply with two factor authentication with a radius or taccas server?

Find more posts tagged with

two_factor_authentication

Security

npm_8.5.1

tacacs+

Accepted answers

All comments

FormerMember

Not at this time

jgeorge_qwest

Has any thought been put into this as a product feature and if so, is it on the product road map. Additionally is there a product roadmap for the NPM suite.

FormerMember

Yes, it's been considered. No timeframe, though.

jgeorge_qwest

Don't know if this will help push the issue but I have DoD and High Level security agencies that are looking to the tool and that has been at the top of their lists of request of things that are missing at this time.

rschroeder

Bump. Is this still unresolved?

rschroeder

Still unresolved.

NCM and Two Factor Authentication for logging into a device - SolarWinds Worldwide, LLC. Help and Support

sonic9t9

i know for us... we just have separate domain accounts that only are for tacacs/radius and access to other things like dhcp. but only that account can access certain things

rschroeder

We, too, have something similar set up. But it is NOT two-factor authentication. I'm still looking for a way to accomplish it. SW says NCM can't do it, and that putting NCM into a special group or class effectively IS a form of two-factor authentication. A special AD user account that only NCM can use, and rules that only allow this account to manage devices from NCM's address, does seem to match having at least two of the three legs of authentication: 1. What you know (a password), 2. What you have (a token--in this case an IP address---I know--this is stretching the definition a bit), and 3. What you are (as in something unique to you, like a retina pattern, finger print, etc.).

The problem with systems that leverage bio-authentication methods, such as eye-scans or scanned finger prints: Once that data is digitized for use in a security system, it becomes portable. Scanning it opens the possibility of someone stealing it and using it elsewhere. I can always get a new password, new user name, or a new token. But how could I get a new iris pattern or new finger prints when those are stolen?

itinfrastructure3

We need two factor too, required by PCI compliance

rschroeder

If you can remove Solarwinds products from PCI's scope, life will be much simpler . . .

On the other hand, you'll lose the power of NCM's backups & restores & remediation & scripting features, and that's NOT a matter of simplicity. Operating a PCI environment in the dark is not a great practice.