Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is an authentication technique that requires users to provide multiple forms of identification when logging in to AM.
Multi-factor authentication provides a more secure method for users to access their accounts with the help of a device. Note that the word device is used in this section to mean a piece of equipment that can display a one-time password or that supports push notifications using protocols supported by AM multi-factor authentication. Devices are most commonly mobile phones with authenticator apps that support the OATH protocol or push notifications, but could also include other equipment.
The following is an example scenario of multi-factor authentication in AM:
- An AM administrator configures an authentication tree to capture the user’s username and password and to create one-time passwords.
- An end user authenticates to AM using that authentication tree.
- AM prompts the user to enter the username and password—the first factor in multi-factor authentication.
- If the user ID and password were correct, AM sends the user an email with a one-time password.
- The user provides the one-time password to AM to successfully complete authentication—the second factor in multi-factor authentication.
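The last three steps of the scenario, modeled as a server-side sketch. This is an added example, not AM's implementation or API: `TwoStepLogin`, the account store, the 8-digit code, the five-minute lifetime, and the three-attempt limit are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300    # seconds an emailed code stays valid (assumed value)
MAX_TRIES = 3    # wrong codes allowed before the code is discarded (assumed)
_SALT = b"constructed-salt"   # constructed; use a random per-user salt in practice

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed sample account store: username -> password hash.
USERS = {"demo": _pw_hash("correct horse")}

class TwoStepLogin:
    """Hypothetical model of the flow: password first, emailed code second."""

    def __init__(self, send_email, clock=time.time):
        self.send_email = send_email   # callable(username, otp); delivery is out of scope
        self.clock = clock
        self.pending = {}              # username -> [otp, expires_at, tries_left]

    def first_factor(self, username, password):
        candidate = _pw_hash(password)  # hashed even for unknown users
        stored = USERS.get(username)
        if stored is None or not hmac.compare_digest(stored, candidate):
            return False
        otp = f"{secrets.randbelow(10**8):08d}"   # CSPRNG, not random.random()
        self.pending[username] = [otp, self.clock() + OTP_TTL, MAX_TRIES]
        self.send_email(username, otp)
        return True

    def second_factor(self, username, otp):
        entry = self.pending.get(username)
        if entry is None:               # no first factor, or code already consumed
            return False
        expected, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[username]
            return False
        if hmac.compare_digest(expected.encode(), otp.encode()):
            del self.pending[username]  # single use: a replayed code fails
            return True
        entry[2] -= 1
        if entry[2] == 0:               # too many guesses: force a fresh login
            del self.pending[username]
        return False
```

The second factor only succeeds after a successful first factor, and each code is bound to one user, one time window, and one use.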
AM supports the following multi-factor authentication protocols:
- MFA: Open Authentication (OATH) to enable one-time password authentication.
- MFA: Push authentication to receive push notifications in a device as part of the authentication process.
- MFA: Web authentication (WebAuthn) to enable authentication using an authenticator device, such as a fingerprint scanner.