I'm trying to figure out how to enable MFA/2FA to the CMS Admin Login (/episerver/cms), but no success so far. Could some one provide directions on how this can be achieved?
Thank you very much!
This is optimially achieved by moving away from the .Net membership provider and integrating with a cloud based indentity management service such as Azure Active Directory.
If you're interested in exploring AAD, here's a blog post on integrating it with Optimizely to get you started: Using Azure AD to Secure an Episerver Website | David Boland Blog
Unfortunately, it is not an option to use Azure AD.
I was looking into Joshua Folkerts article for '2 Factor Authentication in EPiServer'
Is there a way to customize/replace the CMS Admin Login in order to include the 2FA registration and validation steps before redirecting the user to the CMS Admin Home page?
Using ASP.NET Identity:
Create a Custom Login Page. Redirect users in admininstrative roles to the admin area in your code. You have full control to customise as you require
In the StartUp, Set the LoginPath to the url of your new Login Page
AuthenticationType = "ApplicationCookie",
LoginPath = new PathString("/user")