

Once there, you are able to access apps and services based on the groups you are assigned in that tenant. You as an MSP IT technician would need to MFA to your MSP tenant, and then you can select the client environments in which you are granted access based on the groups you are assigned. While provisioned, they would connect their various apps and account logins to this tenant. When they would off-board, your organization's access would be removed. In theory, you would set up tenants for your clients that your organization would have access to. In theory, you may find an IAM provider with multi-tenancy that works for your organization and your clients. If you want to standardize, you might want to consider SSO with 2FA to access where you can. Just note not all MFA configurations are created equal. I believe Microsoft Authenticator is similar in this regard.

Providers like Duo seem to have flexibility in terms of how the MFA can be configured on the device. That would mean a compromised Google account could compromise that second factor.

Some providers also offer backups to cloud (Google Authenticator included). An export feature is nice and convenient when migrating phones. Exporting to a compromised computer, or an unauthorized export to an attacker system could compromise that second factor for all of those accounts in an instant, and you wouldn't necessarily have a good way to detect that from a static export. It does appear when Google Authenticator is offered as a TOTP option by a vast majority of sites, other TOTP authenticator apps work as well by scanning the same QR code during setup. Google Authenticator seems to be the most common TOTP supported by most applications. I do think it's a valuable exercise as the potential efficiency benefits of standardization in this regard could be beneficial. I'd never ask to enumerate the client applications that would be required to know for sure. You may also find their requirements dictate there isn't a single MFA provider that can support all use cases. The right choice may be dictated based on the support of your various clients' applications. That certainly changes things with respect to what would be best for your organization. It sounds like you're referencing an MFA solution for IT Technicians at an MSP. Each of the listed and referenced have their pros and cons.
