Multi-factor authentication

This page provides you with information on multi-factor authentication.

Multi-factor authentication (MFA) is a security process in which users provide two or more authentication factors to verify their identity.

Enabling MFA

To use MFA, your brand must enable it. The configuration IS_MFA_ENABLED determines if MFA is active. To enable MFA, please raise a ticket with the sustenance team.

MFA Flow

Below is a flow chart indicating the steps involved in OTP validation. The steps are the same for new and existing users of a brand.

MFA flow with 2nd factor identifier

To enable the 2nd factor identifier, use the config CONF_AUTO_FILL_2ND_FACTOR_IDENTIFIER. See General configurations

If you enable it, the auth engine automatically populates the identifier type and value for each API in the MFA flow. This occurs for the particular session for which the token is generated from the primary flow.

The flow diagram below illustrates the steps involved and how the identifier type and value are populated.

The table below shows the four authentication combinations supported in the 2nd factor identifier.

Authentication method in the primary flowAuthentication method in MFA flow
OTPOTP
OTPPassword
PasswordOTP
PasswordPassword

OTP - OTP workflow

Below is a flow diagram indicating the steps involved and how the identifier type and value are populated when the authentication combination is OTP - OTP.

OTP - Password workflow

Below is a flow diagram indicating the steps involved and how the identifier type and value are populated when the authentication combination is OTP - Password.

Password - OTP workflow

Below is a flow diagram indicating the steps involved and how the identifier type and value are populated when the authentication combination is Password - OTP.

Password - Password workflow

Below is a flow diagram indicating the steps involved and how the identifier type and value are populated when the authentication combination is Password - Password.