Setting up Multi-factor authentication rules for Login

Cymmetri Identity platform supports login using multi-factor authentication options as -

1. a second factor of authentication for the password-based login process.

2. a method of authentication for the password-less login flow.

The following steps indicate how to set up multi-factor authentication options in your Cymmetri Identity platform instance for both flows

Cymmetri allows flexibility by introducing both modern mechanisms, such as -

1. Time based OTP (through Cymmetri Authenticator mobile application)

2. Time based OTP (through Google Authenticator and other mobile application)

3. Push based Notification (through Cymmetri Authenticator mobile application)

4. SMS OTP

5. Email OTP

In this document, we will go through setting up the Multi-factor authentication options on the Cymmetri Identity Platform, and run through the setup of Multi-factor authentication options and their usage for the login scenario.

Setting up Multi-factor Authentication for the tenant

1. Access Multi-factor authentication by going to Products menu > Multifactor authentication product

2. Next, we select factors sub-menu

3. We now select the Cymmetri Authenticator (Time based OTP) toggle and click confirm to setup Cymmetri Authenticator as an MFA option

4. Similarly we toggle on the Push Notification and SMS Authenticator (OTP) options

5. Next we select the configuration sub-menu to configure the OTP options, here we will enable the Email OTP option by toggling it on.

6. Next we move to configure the rules for Multi-factor authentication policy for login

7. Click on the pencil icon to start editing the policy and change the dropdown of all factors to indicate that they are mandatory (required).

Let us talk about the options available for each factor -

Required - This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional - This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled - This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

8. Now click on the pencil icon in the upper box to toggle on this rule.

9. All subsequent logins of any user on the Cymmetri Identity platform will now require the use of mandatory MFA for one of these factors.

The following steps indicate how to set up for Password-less login

As an organization or domain administrator, click on the products menu on the left-hand side, and then click on the passwordless button to start configuring password-less authentication option.

Click on the toggle button on the top to enable the password-less login option for the end-users logging into the Cymmetri Identity platform tenant.

Further, as an administrator you may turn on/off the toggle switches to allow/block the end-user from using a particular multi-factor authentication option during password-less login.

1. TOTP Based - refers to the Cymmetri Authenticator option as indicated earlier in the document.

2. OTP Based - refers to the SMS Authenticator option as indicated earlier in the document.

3. Consent Based - refers to the Push Authenticator option as indicated earlier in the document.