In This Article |
Multi-factor Authentication (MFA) refers to having multiple types of evidence (or factors) to verify a user signing into a website, application, or other resource. These factors include, but are not limited to:
Additionally, a user's location or time of day can be used as factor for signing into a resource.
An MFA provider is a service that supports MFA processes. Clearlogin is an MFA provider, it supports multiple types of MFA processes, and also has an MFA Authenticator app for Android and iOS. In addition to be an MFA provider, Clearlogin also supports the Cisco Duo MFA provider service.
Expand to view the instructions for the MFA Provider you enabled.
|
Clearlogin USB U2F (Universal 2 Factor) MFA requires a U2F USB device, and the latest version of Google Chrome or Mozilla Firefox. Apple does not currently support this standard with Safari, and the same is true with Microsoft Edge.
|
|
Before you enable Cisco Duo MFA, you will need to sign into your Duo admin portal and create an Auth API application:
|
Here are some additional steps to take after enabling an MFA provider.
Remember My Device Duration
This determines the length of time a user's session will remain active before they are prompted to re-authenticate with MFA again. Default is 24 hours.
Enable MFA in Access Rules
In the Multi-Factor Authentication (section) of each access rule, choose the MFA option for the users that match the rule. The choices vary based on which MFA providers are enabled.
If you want to give your users the ability to choose more than one MFA provider when they login, create additional access rules with each MFA provider. |
Option | Description |
---|---|
Not Required | This is the default option, and this will not force the user to use MFA when logging in. |
One-Time Password | Choose this option when you want your users to be prompted to enter a one-time passcode from an authenticator app (Microsoft Authenticator, Google Authenticator, etc.) |
USB Key | Choose this option when you want your users to be prompted to use their U2F hardware USB key. |
DUO | Choose this option when you want your users to be prompted to use their Cisco Duo account. |
Guardian | Choose this option when you want your users to be prompted by the Guardian MFA feature. |
MFA Open Enrollment
Setting | Description |
---|---|
Disable MFA Open Enrollment | Select to turn off MFA open enrollment. Open enrollment allows any user to enroll in MFA at their own discretion. Enabling this will not disable MFA enrollment when it is made a requirement in an access rule.
|