Making an authenticator in salesforce (OTP)
Hi everyone,
I have been asked to make an app within Salesforce which acts as a authentication code generator for their team viewer login. I was just wondering if anyone had done this before? It will need to generate codes every 30 seconds for example, and that code will need to match up to the one required for their team viewer login. If anyone could provide any help that would be amazing!
Thanks,
Aaron
Answers
-
Hi @Aaron12345,
wow!!! A somewhat strange request ...
The process of accrediting a portal goes through two phases: authentication and authorization.
The authentication allows to validate and recognize the person who intends to access.
Authorization, which occurs only if authentication is passed, is the process of issuing restrictions on operating on the portal.
The second authentication factor is an extension of the first phase: it serves to validate the recognition of the person: it usually takes place with a request for a code generated randomly and acquired via APP or SMS (usually the use of an email is not recommended)
As an extension of authentication, 2FA must be done by the same process that handles authentication. The Microsoft Authenticator or Google Authenticator are tools that allow the generation of a 6-digit code that respects a recent algorithm for OTP generation.
Basically, the program that checks authentication uses the library for generating this code to check the data entered by the user during authentication.
The user has on one of his devices (phone, tablet) the app corresponding to one of the two applications indicated above: when the portal asks him to enter the code, it will be sufficient for them to enter the data shown on their device.
How does the coupling between portal and device happen? This step is usually done only once. Once the user has decided to increase the security of his account, he follows a specific procedure that allows him to receive a QR code on the screen. This code, imported into the app on the device, allows you to pair together:
- the username of the operator
- the destination site requiring authentication
- the device used by the operator
This step causes the app on the device to randomly generate 6-digit codes every 30 seconds, equal to those that the target site expects to receive for the specific operator.
For this reason, in my opinion, it is quite difficult to prepare a tool for generating codes if the control algorithm is not the one used specifically by the authentication system.
Regards
Domenico Langone
1 -
Hey @Aaron12345,
as enhancement to what @DomLan wrote. I would like to mention that TeamViewer already provides an app for salesforce where a lot of TeamViewer's functionality is already available out of salesforce. Maybe that could also help your customers.
You can find the listing here: https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000EFmSYUA1
best regards
Nils
0