I'm stumped on how to solve this one.
Here's my situation:
We are having a mobile app developed for our ERP platform for our sales force. The service will be open and available on the web, which is scary, but it's how it needs to be done; it's restricted via a port forward through our FW, then to a load balancer, to 2 application servers. Access to the ERP platform is password protected, obviously.
The challenges: CTO doesn't want to do 2FA, nor keep the service behind the FW, forcing sales peeps to use a VPN client. Wants to restrict the service to be open to only devices that we can authenticate, ONCE. We do not own these devices, BYOD.
So... how do I accomplish this?
I've thought of authenticators, RADIUS, tokens, etc., but we cannot integrate that stuff directly into the ERP. I can integrate certain standardized things like RADIUS or an OAuth authenticator with the load balancer, but have not found any that can do what I need to do.
Any ideas are welcomed, so please point me in the right direction.
Thanks!