Skip to content

Multi-Factor Authentication

When you need an extra level of authentication beyond the first-factor, in order to secure your customer identities, that’s when most folk turn to the power of MFA.

Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant, Engineer, and Principal Developer Advocate at Auth0 by Okta, and this is my take on the MFA functionality provided by the Auth0 platform.

What is MFA?

Multi-Factor Authentication – a.k.a. MFA, or 2-Factor Authentication (2FA), where only one additional factor is defined – is where a user provides an additional level of authentication via the use of an additional factor. MFA is a complement to first-factor authentication – which is typically where a user authenticates using a UserID and Password, Social, Enterprise Federation, or Passwordless workflow.

Typical MFA deployment

MFA is typically deployed across all users. It typically employs an additional user authentication mechanism – also known as a factor – in an attempt to prove that a user is, in fact, who they say they are. The use of MFA can be an excellent deterrent against Phishing attacks and the like.

Step-Up Authentication

Step-up Authentication is a variation on a theme, where a user is put through MFA at some point in time after first-factor workflow. And it may be more than once too! Step-up Authentication is typically transactional-driven, for example, during financial transactions or the like. Click on the image to see an example and read more about Step-Up Authentication as part of Paywall processing.

Build it yourself?

You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?

A More Adaptive Approach

Or you could integrate with Auth0 Universal Login! Integrating Universal Login as part of your application login workflow gives you instant access to MFA; click the image to read more. It also gives you access to Auth0’s own Adaptive MFA – where you decide exactly when a user needs to provide an additional authentication factor. With Adaptive MFA, users only need to go through additional security when an additional level of security is required. So Step-Up Authentication is a breeze. With Adaptive MFA, you can progressively roll out MFA too: choose groups of users at a time rather than forcing everyone to use MFA all at once.

Customizable

Enable policy-based workflow to determine when a user will be prompted to complete additional Multi-Factor authentication.

Extensibile

Use Auth0 Actions extensibility to create Adaptive MFA workflows, ensuring only specific factors are used and in specific circumstances.

Support for multiple Factors out-of-the-box

Leverage a wide range of MFA factors provided out-of-the-box – including FIDO Authentication with WebAuthn!

Integrate with ease

With a variety of out-of-box options provided by a wide range of SDKs, you can build an initial integration with Auth0, written in any programming language and supporting any technology stack, in a matter of hours. Click on the image to visit the Auth0 SDK website and discover how to integrate with ease.

Read more about it on the Auth0 Blog

Read more about MFA on the Auth0 Blog, where you can find numerous other articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.

Want to learn more?

Okta provide a wide-range of cost-free courses to help you level-up your skills. Why not click on the image to see what you can discover with Okta Training today!

MFA and Anomaly Detection Increase Security Company-Wide at Siemens

When Siemens integrated with Auth0, MFA was one of the mandatory requirements for the service from the beginning – and hugely helpful in satisfying the needs of key stakeholders. Hugo Francisco, Service Owner of Siemens ID, told us that the ability to give internal clients an additional level of sign-in security with three distinct ways of adding a second factor came to be one of the main differentiators: “the MFA possibility of our service is one of the most requested/wanted features of our service delivery.” Click on the Siemens logo to read the full story.

Stay informed

Helpful Identity & Access Management articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, listening, watching videos, cloning repos, copying code, or attending a workshop or conference: content is everywhere and made for developers like you. Click on the image to subscribe to the newsletter today!

Begin the journey…

Sign up here, and create a free Auth0 Tenant to begin your journey. Play with prototyping an integration of your existing code – or develop something new; experience the Okta Customer Identity Cloud, powered by Auth0, in a way that best suits you.

…or try a Demo.

If you’re looking for some inspiration, why not take a look at some of the pre-build demos at demo.okta.com – where you can test-drive sample integrations for both the Okta Customer Identity Cloud and the Okta Workforce Identity Cloud too!