In EmpowerID, Passwordless login is a type of multi-factor authentication (MFA) that you can apply to Password Manager Policies to allow users with the policy to skip the password and login using only their EmpowerID user names or email addresses. This simplifies the login process for users by not requiring them to remember their passwords, while making their accounts more secure through multi-factor authentication.
Passwordless Login Flow
To login using Passwordless login, users click the Passwordless Login link on the login page. This initiates the Passwordless Login MFA workflow, which asks the users to submit either their user names or passwords. This workflow has a boolean parameter named TargetUsePolicyMultiFactor, This parameter must be set to true for the workflow to continue. If true, the workflow then looks at the Password Manager Policy associated with those users—and based on the Passwordless Login MFA settings of that policy—asks each user to authenticate using one or more of the MFA types set for the policy until they reach the required number of MFA points to login.
From the above flow, we can see two main components of Passwordless login—the Passwordless Login MFA workflow and the Password Manager Policy. To successfully implement Passwordless login, you must configure both. This topic demonstrates how.
Setting up Passwordless Login
- From the navigation sidebar, expand Admin, then Policies, and click Password Manager Policies.
- From the Policies tab of the Password Manager Policies management page, search for the policy for which you want to configure Passwordless login and then then click the Display Name link for that policy.
- From the Policy Details page that appears, click the Edit button for the policy.
- Click the Authentication Settings tab and then specify the minimum number of MFA points required for Passwordless login in the Min Passwordless Login MFA Point if Local and the Min Passwordless Login MFA Points if Remote fields.
- Save the settings.
Next, expand the Multifactor Authentication accordion and ensure that the policy has enough Multi-factor Authentication types to reach the point threshold set in the above step.
To add MFA Types to Password Manager Policies, see Assigning Assign MFA Types to Password Manager Policies.
- Next, set the TargetUsePolicyMultiFactor parameter of the Passwordless Login MFA workflow to true by doing the following:
- From the navigation sidebar, expand Resources and then click Workflows.
- Search for Passwordless Login MFA and then click the Display Name link for the workflow.
- Expand the Request Workflow Parameters accordion and click the Edit button for the parameter.
- Change the Value from false to true and then save your changes.
- From the navigation sidebar, expand IT Shop and click Workflows.
- Click the Recycle EmpowerID AppPools button.