miniOrange, a leading provider of Single Sign-On (SSO), Two-Factor Authentication (2FA), and User Provisioning modules, collaborated with a prominent healthcare institution to achieve enhanced website security and streamline user authentication.
This case study explores how miniOrange utilized its flagship Drupal modules, Drupal LDAP / Active Directory Login Integration and Drupal TFA/MFA Authentication, to fulfil the client's requirements, reinforcing their user login process while maintaining the highest standards of data protection.
About the project
Requirements:
Our client, a healthcare organization, sought robust and seamless authentication solutions to ensure secure access to their Drupal website. They had specific requirements, primarily focusing on LDAP authentication and two-factor authentication (2FA) to reinforce their user login process. The goal was to create a smooth user flow while maintaining robust security measures and safeguarding sensitive patient data.
LDAP Authentication: The client wanted to authenticate their users against an LDAP server to centralize user management and ensure seamless access for authorized personnel.
Two-Factor Authentication: In addition to LDAP authentication, the client sought to implement a second layer of security to protect against unauthorized access. They opted for two-factor authentication, with OTP delivered via email as the chosen method.
Implementation:
Drupal LDAP/Active Directory Login Integration:
The miniOrange team configured the LDAP/Active Directory integration module by establishing a connection between the Drupal website and the client's LDAP server.
During the user login process, Drupal communicated with the LDAP server to verify the entered LDAP credentials. Successful LDAP authentication allowed users access to the website.
Drupal TFA/MFA Authentication:
miniOrange's TFA/MFA Authentication module was implemented to add another layer of security. After successful LDAP authentication, users are prompted to verify their identity using the OTP over email method. This involves:
Generating and sending a one-time passcode (OTP) to the user's registered email address.
Validating the OTP entered by the user against the one sent via email.
Granting access to the user upon successful OTP verification.
The user flow is smooth and straightforward, hiding the complexity of the two authentication steps and delivering the best results in terms of the user experience. The flow is as follows:
User Visits the Drupal Website: The user journey commences with the user visiting the Drupal website.
User Enters Credentials: To gain access to the website, the user enters their LDAP credentials (username and password) in the designated fields.
LDAP Authentication: At the backend, miniOrange's Drupal LDAP / Active Directory Login Integration module comes into play. It initiates the LDAP authentication process, validating the user's credentials against the LDAP server.
Two-Factor Authentication (2FA): If the LDAP authentication is successful, the user is prompted to enable two-factor authentication. In this case, miniOrange's Drupal TFA/MFA Authentication module handles the 2FA process.
OTP Over Email: The chosen 2FA method for this healthcare client is OTP over email. A one-time passcode is sent to the user's registered email address.
User Enters OTP: The user enters the OTP received at their registered email address into the Drupal website.
Successful Login: If the OTP verification is successful, the user is securely logged in, ensuring an additional layer of protection beyond traditional username and password authentication.
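The flow above, sketched as an added example (not miniOrange's module code and not part of the original case study): the OTP is issued only after the first factor succeeds, is sent to the address held in the directory, and is checked with an expiry, a guess limit and single use. The names ldap_authenticate and send_mail, the 300-second validity window and the three-guess limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3       # assumed guess limit per issued code

class EmailOtpLogin:
    """Second factor that is issued only after the first factor succeeds."""

    def __init__(self, ldap_authenticate, send_mail, clock=time.time):
        self._ldap = ldap_authenticate       # hypothetical: returns registered email or None
        self._send = send_mail               # hypothetical mail transport
        self._clock = clock
        self._key = secrets.token_bytes(32)  # per-process key, so no plaintext OTP is stored
        self._pending = {}                   # username -> [mac, expires_at, attempts_left]

    def _mac(self, username, code):
        return hmac.new(self._key, f"{username}:{code}".encode(), hashlib.sha256).digest()

    def begin(self, username, password):
        email = self._ldap(username, password)
        if email is None:
            return False                     # failed first factor: no OTP is generated or sent
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded to six digits
        self._pending[username] = [self._mac(username, code),
                                   self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self._send(email, code)              # directory address, never a user-supplied one
        return True

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]      # expired or guess budget spent
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(mac, self._mac(username, str(submitted))):
            del self._pending[username]      # single use: a replayed code fails
            return True
        return False

if __name__ == "__main__":  # constructed demo with an in-memory directory and inbox
    inbox = []
    flow = EmailOtpLogin(lambda u, p: "alice@example.org" if (u, p) == ("alice", "pw") else None,
                         lambda to, code: inbox.append(code))
    print(flow.begin("alice", "pw"), flow.verify("alice", inbox[-1]), flow.verify("alice", inbox[-1]))
```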
Results:
The successful implementation of LDAP authentication and two-factor authentication provided several key insights:
Enhanced Security: The combination of LDAP authentication and 2FA significantly strengthened the institution's website security, preventing unauthorized access and ensuring that only valid users with correct credentials could proceed to 2FA.
Seamless User Experience: Despite the added security measures, users experienced a seamless and user-friendly login process. The quick and hassle-free 2FA process through OTP over email was well-received.
Flexible Configuration: miniOrange's Drupal modules offered a high level of customization and flexibility, allowing the institution to tailor the authentication process to align with their specific needs.
Reduced Authentication Hassles: The introduction of 2FA minimized the risk of account breaches due to weak passwords, instilling greater user confidence in the security of their accounts.
Scalable Solution: The implemented solution proved to be scalable, accommodating potential future enhancements or integrations as required by the institution.
Conclusion:
In conclusion, the healthcare institution has implemented miniOrange's authentication modules, specifically designed for Drupal, which have led to enhancements in security and user experience. Website visitors are now able to access and share sensitive information with a certain level of confidence, as the modules offer what is considered advanced security measures.
Why Drupal was chosen
The healthcare institution was already using Drupal as its Content Management System (CMS), making it convenient to integrate the authentication modules without any major disruptions.
Drupal's open-source nature allowed miniOrange's development team to tailor the modules to meet the client's specific requirements. Considering the healthcare industry's specific data protection needs, Drupal's reputation for providing a secure and customizable platform made it an ideal choice for the institution.
Technical Specifications
Drupal version:
Key modules/theme/distribution used: