Skip to main content

Activation of Authentication Methods

cidaas Multifactor or Two-factor Authentication offers an additional layer of security for end-users. It provides the user with the means of verifying their identity through a second channel to eliminate any doubt about the legitimacy of an access request. MFA is available for password-based (email/username/mobile number and password) and passwordless authentication flows.

This section will help users understand different authentication methods, show you how you can activate authentication methods for your instance, and define per client which authentication methods are supported for this client.

Instance-Specific Activation

The first step to allowing or disallowing authentication methods is to change the global setting. This way, you can restrict particular authentication methods or enable them by navigating to the home page menu tab, under Multifactor-Settings>MFA settings for your instance.

Authentication-instance-specific

Enabling MFA and Smart MFA

As an administrator, you can enable MFA and smart MFA for your app with a simple configuration on the cidaas admin account.

On the home page,

  1. Navigate to Apps > App Settings.

  2. Click the Edit App icon (for the app you want to set up MFA for).

  3. Click Advanced Settings.

  4. Scroll down and click Authentication. ou will find the following screen.

    enbling-mfa-smart-authentication

    MFA settings options

  • Always: Selecting this option will always ask for MFA during login.

  • Smart: Selecting this option will ask for MFA based on priority.

    For example, if you select "email" as MFA, the next 2FA will be face, voice, touch, and FIDO.

  • Time-based: Selecting this option will ask for an MFA after the selected time frame.

  • Smart plus time-based: Selecting this option will ask for MFA during the selected time frame based on priority.

    Authentication options

    List of MFAs that you want to enable in the above MFA settings.

5.Click Save.

Enabled MFA Authentication

Once you enable and save the MFAs, you will find the list of MFA on the login page. Based on the selected MFA settings (Always, Smart, etc.) you will find the 2FA screen.