Passwordless Login

Owned by
Phillip Hanegan
Last updated: May 05, 2022
3 min read

Passwordless login is a type of multi-factor authentication (MFA) that you can apply to Password Manager Policies to allow users with the policy to skip the password and login using only their EmpowerID usernames or email addresses. This simplifies the login process for users by not requiring them to remember their passwords, while making their accounts more secure through multi-factor authentication.

Passwordless Login Flow

To login using Passwordless login, users click the Passwordless Login link on the login page. This initiates the Passwordless Login MFA workflow, which asks the users to submit either their usernames or passwords. This workflow has a Boolean parameter named TargetUsePolicyMultiFactor, This parameter must be set to true for the workflow to continue. If true, the workflow then looks at the Password Manager Policy associated with those users — and based on the Passwordless Login MFA settings of that policy — asks each user to authenticate using one or more of the MFA types set for the policy until they reach the required number of MFA points to login.

From the above flow, we can see two main components of Passwordless login – the Passwordless Login MFA workflow and the Password Manager Policy. To successfully implement Passwordless login, you must configure both.

Configure the Passwordless Login MFA workflow

  1. On the navbar, expand Object Administration and select Workflows.

  2. Search for Passwordless Login MFA and then click the Display Name link for the workflow.

     

  3. Expand the Request Workflow Parameters accordion and verify that the value for TargetUsePolicyMultiFactor is set to true. If the value is set to false, click the Edit button and change the value to true.

Configure the Password Manager policy

  1. On the navbar, expand Password Management and select Password & Login Policies.

  2. On the Policies tab of the Find Password Manager Policies page, search for the policy for which you want to configure Passwordless login and then then click the Display Name link for that policy.

     

  3. On the Policy Details page that appears, click the Edit button for the policy.

     

  4. Select the Authentication Settings tab and then specify the minimum number of LoA points required for Passwordless login in the Min Passwordless Login MFA Point if Local and the Min Passwordless Login MFA Points if Remote fields.

     

  5. Save the settings.

  6. Return to the Find Password Manager policies page and search for the policy again.

  7. Click the Display Name link for the policy.

  8. Expand the Multifactor Authentication accordion and ensure that the policy has enough Multi-factor Authentication types with the necessary LoA points needed to reach the point threshold set in step 4 above.

     

To add MFA Types to Password Manager Policies, see Assign MFA Types to Password Manager Policies.

Assign MFA Types to Password Manager Policies

End User Docs - Using Passwordless login

Â