SICIM is a world leader in the engineering and construction of pipelines, pumping stations, industrial buildings and other facilities for the oil and gas sector
We started using Protectimus products in 2021. At the moment, my assessment of the company’s work is 10 out of 10. An important factor in choosing this two-factor authentication provider was the possibility of customizing the 2FA system for our project. We needed to secure two systems (Roundcube + Fortigate VPN Client) with one physical 2FA token for each user. After we got in touch with the Protectimus team and explained the task, they implemented the necessary functionality for us free of charge. They also helped us to integrate and set up the two-factor system the way we wanted. There were no problems or failures with the hardware tokens or the backend part so far. Everything works well.
Cristian G, System Administrator at SICIM
Key tasks for implementing 2FA for SICIM
SICIM uses the Protectimus 2-Factor Authentication (2FA) solution to secure access to corporate accounts when users log in using VPN. Also, SICIM uses two-factor authentication to protect access to the employees’ corporate email boxes.
It was important for SICIM to find a two-factor authentication provider who is ready to help with the 2FA integration and, if necessary, will customize the 2FA system to respond to the individual requirements of SICIM.
Customization of Protectimus two-factor authentication products to the requirements of our clients is one of our profiles, so we made our best to meet SICIM’s interests and added the necessary functionality to the Protectimus Cloud 2FA Service.
Let’s discuss the project for the implementation of two-factor authentication for SICIM in more detail.
SICIM wanted to solve several challenges with 2FA
- To protect access to corporate resources when users connect via VPN.
- To protect access to the employees’ Roundcube webmail accounts with 2FA.
- To connect hardware two-factor authentication tokens.
- To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN.
The following Protectimus 2FA products were chosen to solve the above mentioned tasks
- Protectimus Cloud Two-Factor Authentication Service;
- Protectimus RProxy component for integration with VPN client via RADIUS;
- Protectimus Rouncube component for integration with an email client;
- Programmable hardware OTP tokens Protectimus Flex;
- An additional feature has been introduced – the ability to create user aliases. This feature made it possible to use one token for authentication on two different resources.
Challenges and Solutions
To protect access to corporate SICIM resources when users connect via VPN (Fortigate VPN Client)
The Protectimus RADIUS 2FA component was used to integrate the Protectimus two-factor authentication solution with the Fortigate VPN Client. It allows you to connect the Protectimus 2FA service or on-premise platform to any device supporting the RADIUS authentication protocol. Documentation on integrating Protectimus 2FA over the RADIUS protocol is available here.
To protect access to the SICIM employees’ webmail accounts (Roundcube)
The Protectimus Roundcube 2FA component was used to integrate the Protectimus two-factor authentication solution with the Roundcube email client. This plugin helps to set up a 2FA for Roundcube webmail client in just 15 minutes. Integration instructions are available here.
To connect hardware OTP tokens
SICIM has chosen the most modern and reliable means of generating one-time passwords – programmable hardware TOTP tokens Protectimus Flex, which are programmed via NFC. The client can add secret keys to such tokens with the help of Android smartphone with NFC.
Protectimus clients can choose from several types of OTP tokens and one-time password delivery methods. These are different models of hardware 2FA tokens (classic Protectimus Two or programmable Protectimus Flex and Protectimus Slim NFC), 2FA application on iOS or Android, delivery of OTP passwords via Telegram, Viber, Facebook Messenger, SMS or email. It is possible to activate only one authentication method or use several types of OTP tokens at the same time. The list of available 2FA authentication methods is available here.
To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN
Especially for SICIM, we added the ability to create user aliases in the Protectimus Cloud Service. So it became possible to assign one user with one 2FA token to two different resources.
One of Protectimus’ unique offerings is the ability to tailor our 2FA system to customer requirements. We are always ready to help with the imtegration of Protectimus 2FA into the most complex infrastructures and develop the requited additional functionality,if necessary. Contact us and tell us about your project here.
2FA products used by SICIM
Protectimus Roundcube 2FA
Read more Protectimus customer stories