If your Portal Access Rules allow users to choose their MFA option, then you will need to configure which second factors are available to them. The follow factors are supported:
- WebAuthn (aka security key)
A FIDO/U2F or FIDO2/WebAuthn security key, such as a YubiKey or Titan Security Key. Connects to your device via USB, Bluetooth, NFC, or other protocol to perform a cryptographic exchange. Learn more about supported MFA hardware devices here.
- Push to verify
A push message sent via the HelloID Authenticator app for iOS and Android. A traditional six digit verification code can also be set up using third party apps like Google Authenticator.
- Hardware token authentication (aka classic hardware tokens)
A low-cost OATH TOTP token. Provides one-time passwords for authenticating your end users to HelloID and other supported systems, usually via an LCD screen. Learn how to manage classic hardware tokens here.
A traditional verification code is sent to the user via email.
A traditional verification code is sent to the user via SMS. Learn how to configure SMS for 2FA.
Manage Second Factors
Navigate to Security > 2FA Management to get started.
Here, you can select which secondary authentication factors are available for users to choose from. We recommend that you offer multiple options, so your end users may choose the option that is best for them.
The following configuration options are available:
- Manage OATH Tokens (Hardware token authentication)
This link takes you to the OATH Management page, where you can configure users' tokens.
- Configure (SMS)
Allows you to select and configure your SMS provider for 2FA.
If you disable all factors, you will receive a warning that the end user will be logged in automatically without a second factor, after entering their username and password. This is the same as disabling multi-factor authentication.
Select the Apply button to confirm your changes.