Multi-factor authentication (MFA) is a well-known security practice that requires users to pair something they know with something they possess before gaining access to their accounts and other types of sensitive information. MFA helps to safeguard against threats arising from compromised credentials. EmpowerID recognizes this, and has implemented an Adaptive MFA engine that provides an extra layer of security for all types of authentication, including Web SSO, LDAP and RADIUS. EmpowerID's MFA is "adaptive" in that it can be configured to analyze contextual information such as IP addresses, identity providers, devices, distance traveled and velocity since last login and other real-time factors to dynamically assess the risk of each login. If a risk is identified, a strong second factor can be required before access is granted. These factors, known in EmpowerID as "MFA methods" or "MFA Types," include many popular factors in use today, like DUO Push, YubiKeys and one-time passwords delivered to a person's favorite communication medium.
...
Password Manager Policy Checkpoint
The final checkpoint is the Password Manager Policy. The policy defines login restrictions, password complexity requirements, self-service password reset options, and enrollment requirements that govern a user's ability to manage their own passwords or log in to EmpowerID or any application using EmpowerID for login protection. You can create custom policies or use the default Password Manager Policy that is applied to the entire enterprise. The Authentication Settings in each policy is where the number of MFA points required to log in from local or remote subnets is defined. Depending on the MFA points required, the user may be authenticated or sent for further authentication. For more information, see Setting Up Password Manager Policies and Assigning Adaptive Authentication Rules to Password Manager Policies.
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
...
Next Steps
Configure EmpowerID for the Mobile App
Set MFA LoA points on Password Manager policies
Assign MFA Types to Password Manager Policies
Assign Adaptive Authentication Rules to Password Manager Policies
Set MFA points LoA Points on applicationsApplications
Assign MFA Types to applicationsApplications
Assign Adaptive Authentication Rules to applicationsApplications
Set LoA points granted by Identity Providers
Edit MFA Type LoA point values for MFA Types
Set MFA points granted by SSO connections
Configure EmpowerID for the Mobile app
Integrate Customize the MFA Retry Limit
Configure one-time password delivery types
Integrate Yubico OTP
Configure MFA Communication options
Register VASCO Hardware OATH tokens