We have a CRM, which is a web application on a LAMP stack deployed on premise. External users can access this application via 2FA; the 2FA solution that we have used is Duo Security (where the CRM application uses Duo Access Gateway and Duo Access Gateway uses Windows AD for authentication).
As we could not achieve advanced reporting through the CRM application, we went for custom development using .NET. This takes CSV output from the CRM and generates the expected reports.
We have to integrate these 2 applications. Based on feasibility between the 2 applications, the implementers understood that in the CRM application they will provide a link to the .NET application; clicking on it will open a new tab of the Reporting server, from where the reports are fetched. The CRM login user and the reporting system login user will be the same. They will use tokens for each user, but the .NET implementer says it will be a static token, which can be changed once in a few days.
Suggestion/advice requested.
From an IT point of view: the CRM server URL is published to the public/internet, but the reporting server URL is not published to the public/internet. In this case, when an external user accesses the CRM application via 2FA and then clicks on advanced reporting, will it resolve the reporting server URL (for the external user who has already gained access to the CRM application)? I think it is not possible; please suggest.
Please help me with the best way to ensure security while keeping the reporting server URL accessible to external users once they have already accessed the CRM and clicked the Reporting server URL. (We will publish the Reporting server to the public/internet, but what if someone steals the URL? As the .NET implementer says static token integration with the CRM application, if this URL is leaked then others can access the Reporting server.)
Please suggest the best practice. Thanks in advance.