Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is an authentication technique that requires users to provide multiple forms of identification when logging in to Advanced Identity Cloud.
MFA provides a more secure method for users to access their accounts with the help of a device.
|
The word device is used in this section to mean a piece of equipment that can display a one-time password (OTP) or that supports push notifications using protocols supported by Advanced Identity Cloud MFA. Devices are most commonly mobile phones with authenticator applications that support the OATH protocol or push notifications, but could also include other equipment. |
The following is an example scenario of MFA in Advanced Identity Cloud:
-
In the Advanced Identity Cloud admin console, configure an authentication journey to capture the user’s username and password and to create OTPs.
-
An end user authenticates to Advanced Identity Cloud using that authentication journey.
-
Advanced Identity Cloud prompts the user to enter the username and password, the first factor in MFA.
-
If the user ID and password are correct, Advanced Identity Cloud sends the user an email with an OTP.
-
The user provides the OTP to Advanced Identity Cloud to successfully complete authentication, the second factor in MFA.
Advanced Identity Cloud supports the following MFA protocols:
-
MFA: Use codes from an authenticator app using OATH to enable OTP authentication.
-
MFA: Authenticate using push notification to receive push notifications in a device as part of the authentication process.
-
MFA: Authenticate using a device with WebAuthn to enable authentication using an authenticator device, such as a fingerprint scanner.