This is a proof of concept for the SANS TOTP project. It is a simple implementation of the TOTP algorithm in Python and deployed to AWS Lambda.
1. Clone this repository.
2. In the `code/lambda_layer` directory, create a virtual environment, activate it, and install the dependencies with `pip install -r requirements.txt`.

   ```bash
   cd code/lambda_layer
   python3 -m venv venv
   source venv/bin/activate
   pip install -r requirements.txt
   deactivate
   ```

3. Attempt to sign into the Azure Portal using an account with MFA enforced and click Next when prompted.
4. Click on the "I want to use a different authenticator app" link.
5. On the next page, click Next when prompted to set up your account.
6. When presented with a QR code, click on the "Can't scan image?" button.
7. Copy the Secret key value by clicking on the clipboard icon. Keep this tab open and return to the terminal.
8. Deploy the Terraform code as shown below.
   - During this process, you will be prompted to enter the secret key value. Paste or type the secret key value and press Enter (you will not see feedback, as this value is marked `sensitive` in the Terraform code).
   - You will also be prompted whether you would like to continue. Type `yes` and press Enter.

   ```bash
   terraform init
   terraform apply
   ```

9. After the Terraform code has been deployed, visit the URL shown in the Terraform output in a new tab. Leave this tab open for now.
10. Go back to the Azure Portal and click Next.
11. You will now be prompted to enter a 6-digit code. Refresh the page that you opened in step 9 and copy the code that is displayed.
12. Paste the code into the Azure Portal and click Next.
13. You should see that the MFA enrollment was successful. Click Done to complete this process.