No, Rublon does not have access to user passwords. Rublon is designed to enhance security by adding an extra layer of authentication, but it does so without ever seeing or storing your password.
How Rublon Works
After a user has been enrolled in the Rublon platform, they continue to log in using their username and password as usual. After entering their credentials, Rublon prompts them to verify their identity using a second authentication factor. This can be done through various methods, such as SMS Passcode, Mobile Push, WebAuthn/U2F Security Key, or even a smartphone app like Google Authenticator.
The key point is that this second factor of authentication is entirely separate and independent from your username and password. Rublon never interacts with your password.
Rublon and Identity Providers
Rublon is not an Identity Provider (IdP). It relies on an external Identity Provider, such as Active Directory or FreeRADIUS, to handle user authentication based on passwords. The Identity Provider has access to your password and manages the first factor of authentication.
Rublon integrates with your Identity Provider to add additional authentication factors, ensuring that even if the first factor (your password) is compromised, unauthorized access is still prevented by requiring the second factor
User Data in the Rublon Admin Console
The users listed in the Rublon Admin Console are fetched from the Identity Provider on the first successful login (or added manually by the administrator and later recognized by their usernames when logging in). This allows administrators to manage users and enforce policies within Rublon. However, it is important to note that there is no option to set or change user passwords within the Rublon Admin Console. This is because Rublon does not have access to user passwords at any stage of the authentication process.
Rublon is entirely separate from your Identity Provider. When you authenticate, Rublon communicates with your Identity Provider to confirm your identity, but it never asks for your password directly. This separation is crucial for maintaining security. If your Identity Provider is compromised, Rublon Multi-Factor Authentication (MFA) still provides a robust defense because the additional authentication factors are not connected to the compromised credentials.
Rublon MFA enhances your security by adding extra layers of authentication without ever accessing or storing your passwords, keeping your accounts safe and secure.
Integration using Rublon Authentication Proxy
Integrating Rublon MFA with your VPNs using the Rublon Authentication Proxy requires you to create a read-only account in your Active Directory (or another LDAP directory service) that will be used exclusively for user searches. It’s important to note that this account is not intended for general login use and should be configured with the principle of least privilege, meaning it should only have the minimum permissions necessary to perform its function.
Note that the credentials provided for this read-only account are used solely within your internal infrastructure by the Rublon Authentication Proxy application and are never transmitted over the internet to Rublon servers. This ensures that your security is maintained while enabling seamless integration with your existing directory services.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article