The Multi-Factor Authentication (MFA) system in the eTag Fuse platform enhances security by requiring users to provide multiple forms of verification before gaining access to applications or sensitive data. By integrating MFA into the authentication process, organizations can reduce the risk of unauthorized access, even if a user's primary credentials are compromised. MFA supports a variety of methods, such as Time-based One-Time Passwords (TOTP), SMS verification, email codes, and authentication apps.
The platform supports TOTP, where users generate a temporary, time-sensitive code using an authentication app (such as Google Authenticator or Microsoft Authenticator) to complete the authentication process.
Users can receive verification codes via SMS or email, adding an additional layer of authentication.
Administrators can configure the generation, delivery, and expiration of security codes, ensuring that codes are valid for a limited time and cannot be reused.
Administrators can create and enforce MFA policies that define when MFA is required and which methods are allowed.
Fuse integrates MFA with risk-based authentication, dynamically adjusting authentication requirements based on the user’s risk profile. For example, users logging in from unfamiliar devices or locations may be required to complete MFA even if it’s not usually enforced.
Administrators can configure user enrollment workflows, allowing users to self-enroll in MFA or be prompted to enroll during their next login.
MFA is integrated with external identity providers (IDPs), ensuring that users authenticating via third-party systems are also subject to the organization's MFA policies.
MFA is fully integrated with the platform’s security policies, allowing administrators to enforce MFA requirements based on user roles, groups, or specific applications. Security policies ensure that MFA is consistently applied across all users and systems.
High-Security Logins for Executives: An organization configures MFA for all executive accounts, requiring TOTP-based authentication every time an executive logs in. This ensures that sensitive executive-level data is protected, even if credentials are compromised.
MFA for Remote Workers: A company enables SMS-based MFA for remote employees, ensuring that workers accessing company resources from outside the office complete a second verification step to confirm their identity.
Risk-Based MFA for Financial Applications: A financial institution uses risk-based authentication to trigger MFA only when users log in from unfamiliar devices or networks. Users on trusted devices are not prompted for MFA, improving the user experience while maintaining security.
The Multi-Factor Authentication (MFA) system in the eTag Fuse platform provides flexible and robust security by requiring multiple forms of authentication. With support for TOTP, SMS, and email verification, as well as adaptive MFA policies, Fuse ensures that organizations can protect sensitive data and applications from unauthorized access.