Add Datawiza MFA (2FA) to a web app

Overview

This guide walks you through configuring Datawiza Multi-Factor Authentication (MFA/2FA) to enhance the security of your web applications—including both in-house developed and third-party apps.

Prerequisite

Before proceeding, ensure you have the following:

Part I: Datawiza Cloud Management Console (DCMC) Configuration

Step 1: Sign in to DCMC

  1. Log into the DCMC.

Step 2: Create a New Deployment

  1. Navigate to the Deployments tab.
  2. Click + CREATE DEPLOYMENT.
  3. Enter a Name and Description, then click Create.

Step 3: Add a New Application

  1. Go to the Applications tab and click Create Application.

Configure your application with the following values:

  • App Type: WEB.
  • Name: Demo App.
  • Application URL: https://demo.datawiza.net (replace with your own DNS name).
  • SSL: Enable SSL and use datawiza self-signed certificate.
  • Listen Port: 443.
  • Upstream Servers: Custom Upstream.
  • Custom Upstream Server Address: http://10.0.1.85:8000 (replace with the actual IP address or hostname of your web application).
  • Click Next.

Step 4: Update Access Rules

  1. Go to the Rules tab.
  2. Edit the default access rule and set the Rule Type to Not Protected.

Step 5: Enable Datawiza MFA

  1. Navigate to the Advanced tab.
  2. Under Advanced Settings, select MFA, then click Create MFA Configuration.
  3. Enter a name and select DATAWIZA as the provider.

Step 6: Generate Provisioning Keys

  1. Click on Deployment Detail.

  2. Select the Provisioning Keys tab, then click Create Provisioning Key.

  3. Enter a key name and click Create.

  4. Save the PROVISIONING_KEY and PROVISIONING_SECRET. You'll use these in your deployment.

Step 7: Run the Datawiza Access Proxy (DAP)

  1. Go to the Quick Start tab.
  2. Follow Step 1 to install Docker and pull the DAP image.
  3. Follow Step 2 to generate a docker-compose.yaml using your provisioning keys and start the DAP container.

Part II: MFA User Configuration

Datawiza provides a user management interface for handling MFA users.

Step 1: Add a New MFA User Manually

Go to the Users tab and click + CREATE USER.

Provide the following details:

  • Username: demo (We use this user as the example)
  • Email: The user's email address for receiving setup instructions
  • Status: Active
  • Setup Authenticator: Enable "Automatically send an authenticator setup link via email"
  • Click Create.

Step 2: Complete MFA Enrollment

The user will receive an email with a QR code to scan with an authenticator app (e.g., Google Authenticator, Microsoft Authenticator).

Step 3: (Optional) Enable JIT User Provisioning

To streamline the onboarding process, you can enable Just-In-Time (JIT) user provisioning, which automatically creates a user record the first time a user logs in.

Step 4: (Optional) Bulk Upload MFA Users via CSV

Instead of manually creating users one by one, you can bulk upload multiple users using a CSV file.

CSV Format Example

username    email                groups
demo        demo@datawiza.com    hr
gil         gil@datawiza.com     eng
bill        bill@datawiza.com

  • username and email are required.
  • groups is optional.
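
A pre-upload check for the CSV format above, added here as an example (it is not Datawiza's code). It assumes the file is comma-separated with the header row username,email,groups, which the page shows only as a table; validate_mfa_csv and the sample rows are constructed for illustration.

```python
import csv
import io
import re

REQUIRED = ("username", "email")   # required, per the guide
OPTIONAL = ("groups",)             # optional, per the guide
# Loose sanity check only: one "@", no whitespace, a dot in the domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate_mfa_csv(text):
    """Return (rows, errors): rows that passed, and human-readable problems."""
    reader = csv.DictReader(io.StringIO(text))
    header = list(reader.fieldnames or [])
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        return [], [f"header: missing required column(s): {', '.join(missing)}"]
    errors = [f"header: unexpected column {c!r}" for c in header
              if c not in REQUIRED + OPTIONAL]
    rows, first_seen = [], {}
    for raw in reader:
        n = reader.line_num
        row = {k: (raw.get(k) or "").strip() for k in REQUIRED + OPTIONAL}
        key = row["username"].lower()   # assumption: names collide case-insensitively
        problems = []
        if not key:
            problems.append("username is empty")
        elif key in first_seen:
            problems.append(f"duplicate username (first on line {first_seen[key]})")
        if not EMAIL_RE.match(row["email"]):
            problems.append(f"email {row['email']!r} is missing or malformed")
        if problems:
            errors.extend(f"line {n}: {p}" for p in problems)
            continue
        first_seen[key] = n
        rows.append(row)
    return rows, errors

# Constructed sample: the guide's three users plus three deliberately bad rows.
SAMPLE = """username,email,groups
demo,demo@datawiza.com,hr
gil,gil@datawiza.com,eng
bill,bill@datawiza.com,
Demo,other@datawiza.com,hr
eve,eve-at-datawiza.com,eng
,nobody@datawiza.com,
"""

if __name__ == "__main__":
    print(*validate_mfa_csv(SAMPLE)[1], sep="\n")
```

Catching a malformed address before upload matters most when the setup-link option is enabled, since the QR code is delivered to whatever address the row contains.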

Authenticator Enrollment via CSV Upload

  • If the "Automatically send an authenticator setup link via email" option is enabled during the CSV upload:

    • Each user will receive a QR code via email.
    • Their Authenticator status will be set to Enrolled.
    • They will be prompted with the MFA challenge during login.
  • If the option is not enabled, users will have an Authenticator status of No Authenticator.

    • These users will be required to complete enrollment upon their first login to Oracle EBS.

Part III: Verify MFA (2FA) for the Web Application

  1. Open a browser and visit: https://demo.datawiza.net/

  2. Log in to your web application. In this tutorial, we’ll use Oracle JD Edwards (an Oracle ERP system) as an example. However, as mentioned earlier, this solution works with any web application, including in-house developed and third-party apps.

  3. After successful login, you'll be prompted with the Datawiza MFA challenge. If you enable JIT user provisioning, newly authenticated users will see the enrollment page immediately after login.

  4. After the user successfully completes MFA, they should be able to access the web application as usual.