APIs allow external parties to access an organization's sensitive back-end systems, so keeping security practices up to date is paramount. A user name and password are the first level of security for any user trying to access an organization's APIs from the API Portal. This first level of security can easily be breached by hackers, so a second form of authentication is needed for the system to have reliable security (see the Salesforce article). The good news is that now, in Version 220.127.116.11 of API Connect, users can configure a Two Factor Authentication model to add that additional layer of security to their API Portal, protecting the front door into their back-end systems.
When logged in as the Admin for the API Developer Portal, organizations can configure two-factor authentication (TFA) using their desired process and governance structure. TFA can be scoped to different types of users and roles in the organization.
There are a number of different frameworks that can be used for providing and verifying the second form of authentication. The supported frameworks are:
- Time-based One-Time Password (TOTP)
- Google Authenticator, Authenticator (Windows Phone), Authy, FreeOTP and GAuth Authenticator
- Recovery Codes
- Twilio SMS
Once configuration is complete, users can simply log in to their accounts and navigate to their security tab to configure their TFA process.
Ensure your organization has the highest security measures in place. For a guided walkthrough of setting up two-factor authentication for your API Portal, follow the knowledge center articles below:
- Using two-factor authentication
- Encouraging users to set up two-factor authentication on their Developer Portal Account