Hi,
Does AWX/Ansible supports 2FA/MFA, or is there any alternate solution?
Thanks,
Raj
On the ansible side or on the webui side of things?
I can only answer for WebUI: You can use a 3rd party authorization like Azure AD/SAML/…, depending on what you chose it can support MFA.
Greetings
Klaas
Hi Klaas,
Thanks for your reply.
I am looking for both sides.
Thanks for pointing out the WEBUI side. As you mentioned options for WebUI, it looks similar to SSO based auth.
Does it include OTP based authentication as well?
Thanks,
Raj Gupta
Hi,
Can anyone please help me on this.
I have to apply (Password + OTP) auth to AWX.
- How AWX can prompt for OTP when executing job.
- How to Make AWX UI (password + OTP) based accessible.
Thanks,
Raj
- Prompting for OTP aint gonna happen when hitting execute. You are already MFAing to login, why do it again?
- Use an SSO option like SAML to add OTP. Your IDP will need to support OTP. This was mentioned already I think.
Hi Raj
As John says use something like SAML with OTP capabilities for 2.
for 1. you might be able to do something with the likes of https://learn.hashicorp.com/tutorials/vault/ssh-otp but you’ll have to hand craft this and I don’t even know if it would work. Would also mean setting something up on every target node and will only work for Linux based systems (so a lot of networking devices etc are out of scope and Windows). Not sure it’ll work with API calls to AWX either unless you manage to workflow 1. and that won’t work with 2. anyway.
AWX doesn’t provide any of this out of the box so you’ll have to devise the solutions.
Thanks John and Phil for the suggestions. I’ll try it.
Regards,
Raj