Page Comparison

In EmpowerID, multi-factor authentication (MFA) is a flexibleversatile, points-based system that allows you administrators to specify determine the number and types of factors that users must present when authenticating, as well as during authentication and the weight or point value associated with each of those factorsfactor. When users reach the designated point threshold, they are authenticated and granted access to the system. EmpowerID supports several a variety of MFA types out-of-the-box to ease facilitate user adoption. These include, including:

1. DUO Two-Factor Authentication – When

...

1. required

...

1. by a Password Manager Policy, users must approve a secondary authentication request

...

1. pushed to their mobile phones, sent as a one-time passcode, or delivered via a phone call.

...

1. This MFA type requires a Duo account registered in EmpowerID

...

1. and user enrollment in Duo, registering a mobile phone, tablet, landline, or U2F token.

...

1.  If you do not have a Duo account, you can sign up for one by visiting https://signup.duo.com/.

2. EmpowerID Mobile Authenticator – When

...

1. required

...

1. by a Password Manager Policy, users must approve a secondary authentication request pushed to their mobile phones. To

...

1. utilize this MFA

...

1. type,

...

1. EmpowerID must

...

1. be configured EmpowerID for the mobile app.

2. EmpowerID One-Time Password – When

...

1. required

...

1. by a Password Manager Policy, users

...

1. must verify their identity by entering

...

1. a one-time passcode generated by EmpowerID

...

1. , delivered via email, SMS,

...

1. or voice call. To use

...

1. SMS and voice

...

1. calling features

...

1. , organizations must

...

1. register a Twilio account

...

1. in EmpowerID.

2. FIDO WebAuthN – When

...

1. required

...

1. by a Password Manager Policy, users

...

1. are prompted to insert their security key (e.g., Yubikey device) and press the button or

...

1. gold disk on the key

...

1. .

...

1. EmpowerID generates a certificate linking the Yubikey to the person authenticating

...

1. upon first use.

2. OATH Time-Based One-Time Password – When

...

1. required

...

1. by a Password Manager Policy, users must verify their identity by entering a time-based code generated by a client application installed on their mobile devices, such as Google Authenticator or DUO.

2. Yubico OTP – When

...

1. required

...

1. by a Password Manager Policy, users must verify their identity by generating a one-time password via their Yubikey.

...

1. Yubico OTP

...

1. requires an API key from Yubico and

...

1. registration in EmpowerID. Users must also

...

1. possess a Yubikey device.

   
   

Assign MFA Types

1. On the navbar, expand Password Management and click Password & Login Policies.

2. From the Policies tab of the Find Password Manager Policies page, search for the policy you want to apply LoA points to and then click the Display Name link for that policy.
   

   

3. On the Policy Details page that appears, expand the Multifactor Authentication accordion and then click the Add-Type (+) button to the right of the grid.
   

   

4. In the dialog that appears, click the Type drop-down and select one of the MFA Types mentioned above.
   

   

5. Set the priority for the type in the Priority field. The lower the number, the higher the priority. Priority is only applicable when the MFA Type is required.

6. Specify whether the MFA type is required. If required, users with the policy must authenticate using the type. When a policy has requires more than one MFA Type required, users must authenticate using each type in the order specified by the priority for the type.

7. Click Save.
   

   Insert excerpt
   IL:External Stylesheet IL:External Stylesheet nopanel true

   
   

...