MFA (Multi-Factor Authentication) context

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of MFA (Multi-Factor Authentication) Context

    The MFA (Multi-Factor Authentication) context establishes how and when MFA is enforced during user login. It defines if a second authentication factor is required and takes precedence over user or role-based settings. This context does not restrict access but modifies authentication behavior.

    Show full answer Show less

    Key Features

    • MFA Context Record: Determines the necessity of a second authentication factor during login.
    • Default Policy Options: Choose between Step-Up MFA Policy (enforces MFA based on specified conditions) and Step-Down MFA Policy (enforces MFA by default unless conditions are met).
    • Policy Inputs and Conditions: Displays the inputs and conditions of the selected policy, allowing reference but not modification directly from the MFA context.
    • SSO Integration: MFA with SSO login requires the glide.authenticate.mfa.with.multisso.enabled property to be enabled.

    Key Outcomes

    By configuring the MFA context, you enable tailored authentication processes that enhance security without limiting user access. Properly setting up these policies ensures that MFA is enforced under specified conditions, thereby protecting your instance effectively.

    The MFA (Multi-Factor Authentication) policy context uses a policy to define how and when MFA is enforced during the login process.

    MFA context record

    The MFA (Multi-Factor Authentication) policy context defines whether your users must provide a second form of authentication when logging in. This context does not deny access to your instance as the post-authentication and pre-authentication policies. The policy you select in this context takes precedence over user or role-based configurations for multi-factor authentication.

    To access the MFA context, navigate to All > Multi-factor Authentication > MFA Context.

    Use the fields in the Post-authentication policy context record to define how your instance uses your policy.

    Note:
    • If the default policy is Step-Up MFA Policy, users will be shown with Multi-factor Authentication if policy configured in Step-Up MFA Policy evaluates to true. Policy takes precedence over the user or role based configuration.
    • MFA with SSO login will only be available if glide.authenticate.mfa.with.multisso.enabled Property is set to true.
    • You can navigate to the Authentication Policy record to Add or Edit the 'Policy Input(s)' to the referenced Policy field (Step-Up MFA Policy or Step-Down MFA Policy).
    Table 1. MFA context form
    Field Description
    Name Name of the policy context. This field is static and cannot be changed.
    Description Description of the context
    Default Policy Defines the default behavior of this context when evaluating the policy. Select from the following options.
    Step-Up MFA Policy
    Enforces MFA to users when the policy conditions defined in the Step-Up MFA Policy field evaluate to true.
    Step-Down MFA Policy
    Enforces MFA by default. MFA is not enforced only when the policy conditions defined in the Step-Down MFA Policy field evaluate to true.
    Step-Up MFA Policy The policy used for this context uses. This field appears only when the Default Policy field is set to Step-Up MFA Policy.
    Step-Down MFA Policy The policy used for this context uses. This field appears only when the Default Policy field is set to Step-Down MFA Policy.

    Policy inputs and conditions

    The Policy Input and Policy Conditions tabs display the inputs and conditions of the policy selected in the Step-Up MFA Policy or Step-Down MFA Policy field. These tabs serve as a reference, but cannot be used to change the policy inputs or conditions. To modify your policy settings, navigate to the policy using the reference icon (Reference icon) next to the Step-Up MFA Policy or Step-Down MFA Policy field.

    Note:
    Policy conditions can be created from here, but as a good practise it is recommended to add new policy conditions from policy page.
    This example shows an MFA context record configured using a step-up MFA policy. This default policy means that MFA is enforced only when the conditions defined in the policy evaluate to true. The context uses a policy called Step-Up MFA policy. That policy has a set of inputs and conditions that are displayed in the Policy Input and Policy Condition tabs.
    Figure 1. MFA policy context form
    MFA policy context record