Forum GLPI-Project

goaguiar99

Member

Registered: 2022-11-17

Posts: 14

Integrating Azure AD with GLPI for MFA: Scalability and Alternatives

Hello GLPI Community,

I'm exploring the integration of Azure AD into our GLPI system, particularly concerning the implementation of Multi-Factor Authentication (MFA) for user security. We're currently considering the OAuth IMAP plugin for this purpose.

My main queries are:

1. Does integrating Azure AD with the OAuth IMAP plugin in GLPI provide MFA for all users?

2. Can this setup reliably scale to accommodate more than 1,000 users?

3. Additionally, are there any alternative methods for incorporating MFA into GLPI that might be more effective or efficient?

Any insights or experiences shared on this matter would be greatly appreciated.

Thank you in advance for your assistance.

talonik

Member

Registered: 2023-11-24

Posts: 12

Re: Integrating Azure AD with GLPI for MFA: Scalability and Alternatives

Integrating Azure AD with the OAuth IMAP plugin in GLPI can provide MFA for all users, offering enhanced security, centralized management, and a seamless user experience.

However, I recommend alternative methods for incorporating MFA into GLPI, including SAML-based SSO and RADIUS-based authentication. However, integrating Azure AD with the OAuth IMAP plugin is often the most straightforward and cost-effective solution)

cconard96

Moderator

Registered: 2018-07-31

Posts: 2,813

Website

Re: Integrating Azure AD with GLPI for MFA: Scalability and Alternatives

GLPI 10.1 will bring authenticator support which can be enforced on a global, entity, group, or profile level. You can even forcibly exclude certain users from the enforcement policy if you wish. The feature will let you configure a grace period too to roll out the requirement over time to users. It should be compatible with all Time-based OTP apps like Microsoft Authenticator, Google Authenticator, Authy, etc. Finally, it will allow the use of one-time codes (a small number of them retrieved when 2FA is set up) which can be used in place of the time-based code in case the authenticator app is unavailable.

---

GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

goaguiar99

Member

Registered: 2022-11-17

Posts: 14

Re: Integrating Azure AD with GLPI for MFA: Scalability and Alternatives

Wow, that's great news! Thanks for responding. Do you have any information on the release date for this new feature or for GLPI 10.1?

talonik

Member

Registered: 2023-11-24

Posts: 12

Re: Integrating Azure AD with GLPI for MFA: Scalability and Alternatives

I've heard smth about the release date January 2024.

cconard96

Moderator

Registered: 2018-07-31

Posts: 2,813

Website

Re: Integrating Azure AD with GLPI for MFA: Scalability and Alternatives

You can see the milestone on GitHub for the current "work in progress" tasks for GLPI 10.1. As of right now, there is no due date and I am not aware of any specific timeframe for the first beta release. There are a few more big features in progress that are planned for GLPI 10.1. As the planned features get finished up, I believe the "due date" on the milestone would be updated to indicate a general timeframe for the first beta.

https://github.com/glpi-project/glpi/milestone/49

---

GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.