Overview
Authentication Policies empower administrators to govern the manner in which users gain access. In most cases, users are required to enter a username and password, however, some organization may require additional input to gain access.
Multi-Factor Authentication (MFA) is the process by which an organization or system can require login input(s) specific to an individual in addition to a username and password; MFA focuses on access control. During eras prior to computers, MFA included, amongst other measures, "the secret handshake", answering a riddle known only to indoctrinated members, or perhaps a practical demonstration of an organization-specific skill or knowledge base. The benefits of using MFA include ease of use and adding an extra layer of security at a negligible cost to the organization; in some cases, MFA does not cost the organization anything!
Today, however, the most common MFA context is computer access control and may include, but does not necessarily require, a separate device with an application installed to generate an access code. For example, while logging into a specific work-related application or to gain restricted access area entry, the organization may require the individual to answer a challenge question or provide biometric data (e.g. fingerprint, iris scan). MFA is a diverse subject and to discuss each MFA "type" is beyond the scope of the RapidIdentity Federation Administrator's Guide.
RapidIdentity 3.5 introduced Modular Authentication. It is now possible for administrators to prioritize authentication policies, assign and configure authentication criteria, and also prioritize, assign, and configure authentication methods. The many degrees of freedom allow administrators nearly infinite options to create policies for all users and groups within an organization, regardless of LDAP grouping, time zone location or network subnet.
The child pages detail how authentication methods can be leveraged in RapidIdentity Authentication Policies.