Adaptive Multi-Factor Authentication (MFA)
Adaptive Multi-Factor Authentication lets you configure which Multi-Factor Authentication options are used at each level of authentication for your Tenant.
Adaptive MFA Levels
Adaptive MFA has two levels, which can be labeled by the Client.
The First Level will be used as the First Level of login authentication and the First Level of authentication for applications.
The Second Level will be used as the Second Level of login authentication if enabled for the Tenant. It will also be used as the Second Level of authentication for applications if enabled for the Tenant.
Configuring the Levels
- All MFA options that have been enabled for your Tenant can be assigned to each of the levels.
- Each MFA option can be assigned to one or both of the levels.
This means that the Password option is no longer constrained to the First Level of authentication. It can be configured to be Second Level or not configured at all. MFA options such as Device Authentication, previously thought of as Second Level, can be configured to be First Level.
The MFA options that can be assigned to each level are dependent on which options have been enabled in your Tenant. Please see the Multi-Factor Options section of The OptimalCloud Documentation for what MFA Options are available and the My Company Account/Tenant section for information on how to enable them.
To have this feature enabled for your Tenant, please enter a ticket with Optimal IdM Support.
Adaptive MFA Login
The Adaptive feature applies at Login or when accessing an application that requires a Second Level of authentication. The authentication option used to log in at the First Level will not be presented as a Second Level option for Login or for authenticating to an application. This is true even if the option is configured as a Second Level option.
When the user logs in, they will be prompted for their username.
After entering their username and clicking the button, they are presented with the MFA options that have been configured as the First Level.
This example shows the user selected the Password option, entered their password and clicked the button.
If the Tenant has Second Level MFA enabled for Login, the user will then be presented with the Multi-Factor Login page showing the MFA options that were configured as Second Level. The options will not include the option that the user selected as First Level authentication.
As shown below, not all of the MFA options that were configured for the First Level are available for the Second Level.
Select a Second Level option, follow the instructions and click the button to complete the Login process or access the application.
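The exclusion rule described above can be checked against a planned level assignment before it is rolled out. The following is an added example, not OptimalCloud code or API: the `TenantMfaConfig` model and the "Option X" entry are constructed for illustration, and only the rule that the First Level choice is withheld from the Second Level prompt comes from this page.

```python
from dataclasses import dataclass

FIRST, SECOND = "first", "second"

@dataclass
class TenantMfaConfig:
    # Hypothetical model: MFA option name -> levels it is assigned to.
    assignments: dict[str, set[str]]
    second_level_enabled: bool = True

    def options_for(self, level: str) -> list[str]:
        return sorted(o for o, lv in self.assignments.items() if level in lv)

    def second_level_prompt(self, first_choice: str) -> list[str]:
        """Options offered at Second Level after first_choice was used at First Level."""
        if first_choice not in self.options_for(FIRST):
            raise ValueError(f"{first_choice!r} is not a First Level option")
        if not self.second_level_enabled:
            return []
        # The option already used is withheld even if assigned to Second Level.
        return [o for o in self.options_for(SECOND) if o != first_choice]

    def dead_ends(self) -> list[str]:
        """First Level choices that leave nothing to pick at Second Level."""
        if not self.second_level_enabled:
            return []
        return [c for c in self.options_for(FIRST) if not self.second_level_prompt(c)]

# Constructed sample: Device Authentication is the only Second Level option,
# and it is also selectable at First Level. "Option X" is enabled but unassigned.
risky = TenantMfaConfig({
    "Password": {FIRST},
    "Device Authentication": {FIRST, SECOND},
    "Option X": set(),
})

# Same tenant with Password also assigned to Second Level.
balanced = TenantMfaConfig({
    "Password": {FIRST, SECOND},
    "Device Authentication": {FIRST, SECOND},
    "Option X": set(),
})

if __name__ == "__main__":
    for name, cfg in (("risky", risky), ("balanced", balanced)):
        for choice in cfg.options_for(FIRST):
            print(name, choice, "->", cfg.second_level_prompt(choice))
        print(name, "dead ends:", cfg.dead_ends())
```

A non-empty `dead_ends()` result means some First Level choice leaves the user with no distinct second factor under the stated rule, so the assignment is worth revisiting before Second Level is enabled.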