good idea, would like this implemented! 

Good idea! 2FA should be the bare minimum for admin tools that are exposed on the internet.

I agree with the others so far, 2FA or IP address whitelisting is a must for Service Center & Lifetime in the cloud. I would prefer 2FA as it's more flexible. My only option at the moment is to look at some kind of web application firewall to achieve this.

IP address restriction has been easy to achieve in our applications, it would be nice to protect the admin tools as well.

It's just occurred to me that this should also be extended to logins for Service Studio and Integration Studio as well.

Chris.

Considering the fact that the cloud version does not support internal network for IP white listing

At the time of writing this idea Outsystems did not support restricting access to an Internal Network for their cloud solution. This feature is since early this quarter available.

Robin.

Where is this feature available Robin?

Chris.

Hi Chris,

The feature is indeed available for Enterprise users. You'll need to open a Support Case and request to set it.

Cheers,

Paulo

Hi, 

We are looking for the same for on premise deployment. Any design patterns and customizations in service center and lifetime that the team can share with us? 

Jonathan 

@outsystems Any updates on the roadmap regarding implementing MFA on the platform ?

Also for Azure Deployment, two factor for ServiceCenter, LifeCenter and Development tools to secure Admin/developer access to platform it's a must in today's security requirements, like ISO27001.

+1 we must have it !

Definitely a must-have going forward.

This should be a mandatory addition in todays age of accounts being hacked through weak passwords and social engineering. I'd also like the ability to set password criteria - such as complexity and length of any passwords + frequency of resets. Because we hold a lot of very sensitive client data (and we know of projects done with outsystems for the Australian Government), this should be at the top of the list for implementation.  Surely it's not super difficult to implement?

+1 Great idea!
Definitely a must have for an added layer of protection to Lifetime and ServiceCenter.

Please implement this OutSystems.

Thank you

This is a compliance requirement in financial services.

Please be available as soon as possible.

100% agree this is a must for Litetime and needs to be added ASAP!!!!

Unfortunately, we've been waiting for 5 1/2 years now :-(  

Yes this is a must. Since there is no native support for SAML in lifetime, atleast this would be a mitigation for having local usernames/passwords.

This is indeed a must-have, and one of our current client's biggest concerns.

Just to add another two cents to this - the UK's Cyber Essentials Plus certifications has now expanded to include cloud platforms such as OutSystems.  So all government and public bodies have been asking for the CE+ certification from service providers.  And we don't always manage to get an Enterprise license, or use a common external identity provider.  Some kind of standalone 2FA solution on all options would be needed with the CE+ updates. 

Links:

https://www.ncsc.gov.uk/cyberessentials/overview

https://iasme.co.uk/cyber-blog/the-january-changes-to-the-cyber-essentials-scheme-reflect-the-changing-cyber-threats-in-todays-digital-environment/ 

Hello OutSystems,

This is the must function to include and been this topic around 2015.

when this will be included part of the platform?

Thanks

Anil.

Hi OutSystems, update on this please.

Thank you.