Multi-Factor Authentication (MFA)

After the user enters the username and password, they are prompted to select an additional verification method: e-mail or SMS. The methods are available depending on what data the user has added and enabled for MFA on the identity provider (IDP) side. After selecting the email verification, for example, a one-time-password (OTP) code is sent to the user via mail. After providing the code, it's verified and, either allows the access or denies it, depending on the outcome of the verification. If the whole process succeeds, the client app can proceed to getting consent and requesting an access token. This process is outlined in the diagram below:

Learn how

After the user enters their username and password (and possibly completes the authentication MFA), the consent screen gets displayed with the scopes requested by the client application. When MFA protection is enabled for the selected scopes, additional actions are required. The user needs to select the MFA method and enter OTP provided by them via mail or SMS. As soon as the verification code is provided and its verification is successful, the scope becomes available for granting.

Learn how

Organizations may require multi-factor authentication from the administrator user while logging into the SecureAuth platform.

Learn how