Protectimus Customer Stories: 2FA for SICIM

SICIM 2FA customer story - logo

SICIM is a world leader in the engineering and construction of pipelines, pumping stations, industrial buildings and other facilities for the oil and gas sector

We started using Protectimus products in 2021. At the moment, my assessment of the company’s work is 10 out of 10. An important factor in choosing this two-factor authentication provider was the possibility of customizing the 2FA system for our project. We needed to secure two systems (Roundcube + Fortigate VPN Client) with one physical 2FA token for each user. After we got in touch with the Protectimus team and explained the task, they implemented the necessary functionality for us free of charge. They also helped us to integrate and set up the two-factor system the way we wanted. There were no problems or failures with the hardware tokens or the backend part so far. Everything works well.


Cristian G, System Administrator at SICIM

Key tasks for implementing 2FA for SICIM

SICIM uses the Protectimus 2-Factor Authentication (2FA) solution to secure access to corporate accounts when users log in using VPN. Also, SICIM uses two-factor authentication to protect access to the employees’ corporate email boxes.

It was important for SICIM to find a two-factor authentication provider who is ready to help with the 2FA integration and, if necessary, will customize the 2FA system to respond to the individual requirements of SICIM.

Customization of Protectimus two-factor authentication products to the requirements of our clients is one of our profiles, so we made our best to meet SICIM’s interests and added the necessary functionality to the Protectimus Cloud 2FA Service.

Let’s discuss the project for the implementation of two-factor authentication for SICIM in more detail.

SICIM wanted to solve several challenges with 2FA

  1. To protect access to corporate resources when users connect via VPN.
  2. To protect access to the employees’ Roundcube webmail accounts with 2FA.
  3. To connect hardware two-factor authentication tokens.
  4. To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN.

Для решения перечисленных задач были выбраны следующие продукты Protectimus

Challenges and Solutions

To protect access to corporate SICIM resources when users connect via VPN (Fortigate VPN Client)

The Protectimus RADIUS 2FA component was used to integrate the Protectimus two-factor authentication solution with the Fortigate VPN Client. It allows you to connect the Protectimus 2FA service or on-premise platform to any device supporting the RADIUS authentication protocol. Documentation on integrating Protectimus 2FA over the RADIUS protocol is available here.

To protect access to the SICIM employees’ webmail accounts (Roundcube)

The Protectimus Roundcube 2FA component was used to integrate the Protectimus two-factor authentication solution with the Roundcube email client. This plugin helps to set up a 2FA for Roundcube webmail client in just 15 minutes. Integration instructions are available here.

To connect hardware OTP tokens

SICIM has chosen the most modern and reliable means of generating one-time passwords – programmable hardware TOTP tokens Protectimus Flex, which are programmed via NFC. The client can add secret keys to such tokens with the help of Android smartphone with NFC.

Protectimus clients can choose from several types of OTP tokens and one-time password delivery methods. These are different models of hardware 2FA tokens (classic Protectimus Two or programmable Protectimus Flex and Protectimus Slim NFC), 2FA application on iOS or Android, delivery of OTP passwords via Telegram, Viber, Facebook Messenger, SMS or email. It is possible to activate only one authentication method or use several types of OTP tokens at the same time. The list of available 2FA authentication methods is available here.

To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN

Especially for SICIM, we added the ability to create user aliases in the Protectimus Cloud Service. So it became possible to assign one user with one 2FA token to two different resources.

One of Protectimus’ unique offerings is the ability to tailor our 2FA system to customer requirements. We are always ready to help with the imtegration of Protectimus 2FA into the most complex infrastructures and develop the requited additional functionality,if necessary. Contact us and tell us about your project here.

2FA products used SICIM

Read more Protectimus customer stories

 

2FA for Advcash: logo

 

middle tennessee state university 2fa customer story: logo

 

DXC Technology 2FA Case

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Anna

If you have any questions about two-factor authentication and Protectimus products, ask Anna, and you will get an expert answer. She knows everything about one-time passwords, OTP tokens, 2FA applications, OATH algorithms, how two-factor authentication works, and what it protects against. Anna will explain the difference between TOTP, HOTP, and OCRA, help you choose a token for Azure MFA, and tell you how to set up two-factor authentication for Windows or Active Directory. Over the years with Protectimus, Anna has become an expert in cybersecurity and knows all about the Protectimus 2FA solution, so she will advise on any issue. Please, ask your questions in the comments.

Share This Post On

Submit a Comment

Your email address will not be published.

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This