Product Feedback Forum
Help us make Sisense better by posting your product feedback here.
cancel
Showing results for 
Search instead for 
Did you mean: 

Hi,

Many customers are asking to enable two-factor authentication. It will be a very important security enhancement.

Thanks

17 Comments

Thank you for your feedback and continued partnership! We understand the importance of implementing Multi-Factor Authentication (MFA), particularly for those of our clients not utilizing Single Sign-On (SSO) capabilities.

At Sisense, we are committed to continuously improving the security and integrity of our products. We are currently in the exploratory stage of assessing the feasibility and the best possible methods for integrating MFA into our platform. This effort is a high priority for us, aligning with our broader strategy of reinforcing our security measures to better protect all our users.

While we are dedicated to advancing this enhancement, we are not yet in a position to commit to a specific timeline. As we navigate through this exploratory phase, understanding your specific use cases and requirements would greatly assist us. We encourage you to share detailed scenarios where you envision MFA providing the most impact.

We appreciate your patience and support as we work towards this upgrade, and will keep you informed with any updates. We welcome your ongoing feedback and look forward to receiving more information from you regarding your security requirements.

Hi @YuliyaMotiyets, following your comment here would be my ideal use case:

At our business, we have 1000s of customer accounts using the Sisense platform. For the majority of these, we want users to have quick and easy access to Sisense. It's important for us to make viewing their data as simple as possible. Therefore, mandatory 2FA would actually be negative to our use case.

In our business, we would look for a solution that:

  1. Didn't force 2FA on new accounts.
  2. Would give the option to enable 2FA on specific accounts (perhaps via the Admin UI, or in bulk via REST API).
  3. Would likely use SMS rather than an Authenticator App (appreciate this is less secure, again, this is easier for users to set up - ideally the option for either would be great).
  4. Was independent of SSO - we don't use this.

In short, it makes the 2FA:

  • Optional for accounts that don't need it.
  • When it is needed, it would be easy for Sisense Admins to bulk enable / disable 2FA on individual accounts.
  • As simple as possible for our customers to use - no need to download a separate authenticator App.

I appreciate our use-case might be a little different to others, so I think a flexible amount of security is potentially what's key for Sisense customers as a whole here.

Hi Team,

We would like to have MFA (Multi-Factor Authentication) feature to be brought into Sisense On-premise version as soon as possible.

Background:

  • With current data breach happened at Sisense, it's high time that Sisense should think of Customer's data security in every aspect
  • We understand with SSO security layer is present but not all customers will use SSO for every scenario.
    • Still there will be situations where credential based access will be used by some customers
    • For such situation Multi-factor authentication is really important

Use Case:

  • In our case we will use combination of SSO and Credential based access. i.e Few customers will use SSO and few customers who don't have SSO will use credential based access but will have MFA.
  • If for any user we are selecting password based access, then there should be one flag to enable MFA for that user (via SMS or via any authenticator application)
    • Sample thought:
    • Suryakant_0-1715352464815.png

Waiting to hear from Sisense to see this feature in their next release.

This is a security issue and has to be a high priority. Environments can be complex and SSO isn't always easy to set up for all users for a variety of reasons. Similar to others here, we have different groups of users that we need to tie into the system, which makes moving to SSO more challenging.

MFA is standard now for good reason. I'd support the approach above of flexibility (authenticator/SMS/none) on a per user basis.

Hi,

You can see that CDT already had this feature in the tool's core. 

https://dtdocs.sisense.com/article/two-factor

Best

2FA is not currently on the product roadmap. The majority of our customers use a SSO provider to log in to Sisense, and currently our resources are focused on other projects that will impact greater portions of our users.

Well, that was just being lazy and passing on the responsibility to the end user for keeping the data secure. As a service provider, do you not feel even a little bit responsible for the platform's security? Am happy that this is getting another look.

In light of the recent breach, I would hope that platform security will be a priority and this feature gets the attention it deserves. Like most of the folks above, a setup that allows enabling MFA per user or a group of users or for one or more roles or for all the org would be ideal but will take what we can get quickly enough. 

Hi @piyushrajput.

We appreciate your feedback, but please refrain from using insulting language.