Multi-Factor Authentication for OutSystems Back Office
Internal company policy dictates that all internet-facing applications must use the company’s authentication provider, such as Azure Active Directory (AAD), with Multi-Factor Authentication (MFA).
OutSystems applications can support this relatively easily with available Forge components. However, when it comes to the OutSystems platform itself, it is not so straightforward. There are authenticator plug-ins on the Forge that can facilitate AAD+MFA for LifeTime and Service Center, but not for Service Studio and Integration Studio, which are desktop applications with a single authentication cycle.
The problem we solved was how to enable all the OutSystems Platform components to work with AAD+MFA using standard APIs.
The JustSolve team has designed a solution which satisfies this requirement by using a bespoke third-party application as a middleman to connect a custom OutSystems authentication plug-in to AAD indirectly via a generated One Time Password (OTP).
The solution itself is divided into two parts, namely the OutSystems Authenticator Plug-in and the JS Authenticator Web Application.
The plug-in will be deployed to each client’s platform and configured with their own information.
The web application will be hosted by JustSolve and will deliver the primary service of dealing with AAD+MFA integration and servicing login requests from client platforms.
Adds additional security:
The solution adds security to the OutSystems Platform so that the platform complies with the company’s standards, the same as with end-user applications.
If a developer’s AD account gets disabled, they will automatically lose access to Service Studio, Integration Studio, Service Center and LifeTime.
OTP sessions expire after a set amount of time, making sessions more secure.
OTP can be sent via UI, email or SMS.