Using the Event Mapping Framework to Enforce Two-Factor Authentication

The Event Mapping Framework is new functionality introduced in PeopleTools 8.55. The framework provides a way to run custom code on delivered components without having to modify the delivered objects. I am going to demonstrate how the Event Mapping Framework can be used to enforce two-factor authentication (2FA) by mapping application class PeopleCode to component events. I have provided a proof-of-concept project that demonstrates this functionality.

This project will add the ability to do a conditional redirect before a component is loaded. Before the pre-build event of the component is fired, the custom code will check if the user has done 2FA for the session. The code will redirect the user to the 2FA page if they have not done 2FA for the session, otherwise the component will load like normal.  The flow will go from this:

Original Logic

To this:

Redirect Logic

CLICK HERE to download the project. Unzip the file and import the project into Application Designer.

Log in to PeopleSoft and navigate to Main Menu -> PeopleTools -> Portal -> Related Content Service -> Manage Related Content Service. Click on the Event Mapping tab.

Manage Related Content Service

Click the "Map the event of the Application pages" link.

Map Event of App Package

For this demonstration, I would like to enforce 2FA on the Change My Password page.  So select the Change My Password content reference.

Change My Password CREF

Next, you need to assign the related content definition (the definition was imported from the provided project) to the Pre Build event on the component. Select Pre Process for the processing sequence. This means the custom application class will fire before any code that would be defined in the Pre Build event of the component. Click Save.

Assign Related Content

Now navigate to the Change My Password page.

Change My Password Link

And you should be prompted for 2FA at this point.

2FA Page

Note: The SMS option in the project is merely a placeholder.  I did a post on how to send SMS text messages in PeopleSoft if you are interested in implementing this functionality.

After you perform 2FA and click OK, you should be redirected to the Change My Password page.

Change My Password

With the Event Mapping Framework, the code to check if a user needs to perform 2FA can easily be applied to Pre Build events on components across the entire application.  The great thing is that the code is being fired in a custom event.  This means that we are able to achieve this customization of enforcing 2FA at the component level without actually having to “customize” the delivered components.
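As an added illustration (not the code from the downloadable project), this is one way the mapped application class could implement the Pre Build check and conditional redirect described above. The class name, the two global variables, and the `X_2FA_MENU` / `X_2FA_VERIFY` definitions are hypothetical; it assumes the 2FA page sets the flag only after a successful verification.

```peoplecode
import PT_RCF:ServiceInterface;

/* Hypothetical class. Map it to the component's Pre Build event with a
   processing sequence of Pre Process so it runs before delivered code. */
class Enforce2FA implements PT_RCF:ServiceInterface
   method execute();
end-class;

/* Assumption: session-scoped globals shared with the 2FA page.
   &g2faVerified starts as False and is set to True by the 2FA page
   only after the user's code has been verified. */
Global boolean &g2faVerified;
Global string &g2faReturnUrl;

method execute
   /+ Extends/implements PT_RCF:ServiceInterface.execute +/
   Local string &url2fa;

   /* 2FA already completed for this session: let the component load. */
   If &g2faVerified Then
      Return;
   End-If;

   /* Remember the requested page on the server side, so the return
      target is never taken from a user-editable query string. */
   &g2faReturnUrl = %Request.FullURI;

   /* Build the URL of the (hypothetical) 2FA component and redirect
      before the protected component finishes building. */
   &url2fa = GenerateComponentContentURL(%Portal, %Node, MenuName.X_2FA_MENU, %Market, Component.X_2FA_VERIFY, Page.X_2FA_VERIFY, "U");
   %Response.RedirectURL(&url2fa);
end-method;
```

A check like this protects only the components it is mapped to, so each sensitive content reference needs its own mapping. The 2FA page itself must not carry the mapping, or it would redirect to itself.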

I made a post here that demonstrates how Google Authenticator can be implemented with the event mapping framework to enforce two-step verification at the component level in PeopleSoft.