Today I received another request to provide remote off-site access to NPM via use of MFA.
I don't see a great solution for it, outside of requiring users to leverage our Citrix Secure Gateway solution and then access NPM's home page, or using RDP through CSG to get to a user's computer at work (from home), and then logging into NPM.
That's not what they want. I'm telling them it's what they can have. I think that if a switch or router or server or service is down, the next thing they'll want is to access that item remotely, which isn't happening via MFA through NPM anyway. I think they may as well be remoting into CSG or their work PC so they can do the extra steps.
I can't convince them.
What options do you present users when they make something approaching a logical justification for wanting to access NPM from the Internet via MFA?
Or is there something supporting MFA already present in NPM?
Starting with Orion Platform 2018.4 and NPM 12.4, we added support for the Security Assertion Markup Language (SAML) v2 protocol for supported identity providers, including Active Directory Federation Services (AD FS) and Okta. See Multi-factor Authentication (MFA) and the Orion Web Console in the SolarWinds Success Center for details.