In EmpowerID, multi-factor authentication (MFA) is a flexible, configurable points-based system with integrated Adaptive Authentication policies which can be authored in Workflow Studio. Administrators define a specific number of trust or MFA points, and apply those points to objects in EmpowerID to provide a target point number required to authenticate to EmpowerID, and to access any third-party applications secured by EmpowerID. Adaptive Authentication policies are applied in conjunction with the MFA Trust Point system and support complex context-based rules using on identity attributes, device info, and environmental attributes such as geo-velocity. These are a few of the objects to which you can apply these policies and rules:
- Password Manager policies
- MFA methods
- IP address ranges
- Identity Providers
- Service Provider Applications
Depending on how you configure EmpowerID, you can require users to pass through a number of checkpoints and to submit additional biographic information before gaining access to resources. Checkpoints can include the user's IP address, the selected identity provider and the Password Manager policy assigned to the user.
Getting Started
Setting MFA Points on Policies
Setting MFA Points on Policies
Assigning MFA Types to Password Manager Policies
Assigning MFA Types to Policies
Assigning Adaptive Authentication Rules to Password Manager Policies
Assigning Adaptive Authentication to Policies
Setting MFA Points on Applications
Setting MFA Points on Apps
Assigning MFA Types to Applications
Assigning MFA Types to Apps
Assigning Adaptive Authentication Rules to Applications
Assigning Adaptive Auth to Apps
Editing MFA Type Point Values
Setting MFA Points Granted by SSO Connections
Setting MFA Points by SSO Connections
Integrating DUO Two-Factor Authentication
Integrating DUO Two-Factor Authentication
Integrating Yubico OTP
Customizing the MFA Retry Limit
Customizing the MFA Retry Limit
Configuring Multi-Factor Communication Options
Configuring MFA Communication Options