Multi-factor authentication

Multi-factor authentication (MFA) is an authentication method that requires more than one piece of information to verify the user’s identity and grant access. Typically, MFA requires that these pieces of information, called factors of authentication, come from at least two of these categories:
  • Knowledge. Something the user knows
  • Possession. Something the user has
  • Inherence. Something the user is

Two-factor authentication (2FA) requires two of these authentication factors.

As part of an identity provider (IdP) configuration, you can enable and define a global MFA policy. This policy requires users who log in to the portal to provide their standard login credentials and at least one other MFA verification factor every time they log in, such as a code sent by email or SMS, or a time-based one-time password (TOTP) authentication token.

Note: If you have configured the IdP login portal to use a primary language other than English, MFA is received in that language.

In the IdP configuration, you can define these settings:
  • MFA Timeout. After a user authenticates with MFA, this setting defines how long the session is valid before MFA is required again. The default timeout is 365 days.
  • MFA Factor. Supported factors of authentication. ETP supports these factors:
    • Email. ETP sends an authentication code to the user’s email address.
    • SMS. ETP sends an authentication code to the user through a text message.
    • Authentication token or time-based one-time password (TOTP). The code comes from an authenticator application that is installed on a mobile device. ETP supports Google and Microsoft authenticators. For more information, see Install a time-based one-time password applications on a mobile device.
    • Duo. Duo Security is a multi-factor authentication (MFA) provider that confirms the identity of users and the health of their devices before the user gains access. For more information, see Duo Security two-factor authentication.
    • Import email from directory. This setting imports email addresses from the directory associated with the IdP and sends authentication codes to the user’s email address.