- Knowledge. Something the user knows
- Possession. Something the user has
- Inherence. Something the user is
Two-factor authentication (2FA) requires two of these authentication factors.
As part of an identity provider (IdP) configuration, you can enable and define a global MFA policy. This requires users who log into the portal to use their standard login credentials and at least one other MFA verification factor, such as email, SMS, or a time-based one-time password (TOTP) authentication token every time they log in.
- MFA Timeout. After a user authenticates with MFA, this setting defines how long the session is valid before MFA is required again. By default, 365 days are configured as the timeout.
- MFA Factor.
Supported factors of authentication. ETP
supports these factors:
- Email. ETP sends authentication code to the user’s email address.
- SMS: ETP sends authentication code to the user through text message.
- Authentication token or time-based one-time password (TOTP). Authenticators that are installed on a mobile device. ETP supports Google and Microsoft authenticators. For more information, see Install a time-based one-time password applications on a mobile device.
- Duo. Duo Security is a multi-factor authentication (MFA) provider that confirms the identity of users and the health of their devices before the user gains access. For more information, see Duo Security two-factor authentication.
- Import email from directory. This setting imports email addresses from the directory associated with the IdP and sends authentication codes to the user’s email address.