This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Hi Ryan
We have already suggested mentioned solution (MFA) to our customer and they have rejected it. Customer do not want captcha implementation on login page.
It is mandatory to implement rate limiting mechanism (Captcha) for file upload from UI, i.e, captcha implementation on fileupload page for myfilegateway URL. This is required to prevent any automated file upload script execution by a bot ,etc.
Captcha is required after user is authenticated ,is able to access their respective mailbox and tries to upload a file. Any file upload by user has to go through captcha validation, post validation file should get uploaded.
Request you to check the feasibility.
Just for your information, we also tried to suggest a work around as below which customer has not agreed:
1. Uploading a file can only been done by an authenticated trading partner.
2. If a trading partner acts as attacker and upload a lot of files. The problem can be easily identified and the trading partner can be disabled.
3. If the customer wants, they can disable file upload from UI and forced the trading partners to upload a file via ftp or sftp. For ftp and sftp, we have rate limit control in Deployment -> Adapter Utilities -> Policy Configuration in dashboard UI. The customer can remove "myfilegateway File Upload" permission to disable file uploading via UI.
Hello, SFG can be extended with Sterling Secure Proxy and SEAS to connect to external identity providers over SAML 2.0.
More information on MFA can be found here:
https://community.ibm.com/community/user/supplychain/blogs/vijay-chougule/2021/02/24/multi-factor-authentication-for-ibm-sterling-b2b-c