MFA Guides

User Interaction

In addition to deciding on the type of workflows to support, organizations must also consider and decide the manner in which users interface and interact with the system.

Carefully consider which authentication form or forms are most appropriate for your organization. All three authentication methods can be turned on or off at a later date.

Keep in mind that users form their overall perceptions of the environment early in the deployment. Consequently, changing user requirements post-deployment can lead to confusion, among other concerns involving security and acceptance.

This guide provides detailed information on how to configure each of the items addressed in this module, described below.

Table 6. User Interactions

Interaction

Description

Questions & Answers

Q&A can provide an extra layer of security for the organizational environment. Q&A can be used as either a primary (i.e., Emergency Access with RapidIdentity Client) or fall-back authentication method to the RapidIdentity Server User Portal.

When required within the RapidIdentity Server User Portal, Q&A enables the use of secure workflows. This process not only ensures that the user has initially authenticated with a smart card or password to the operating system, but also requires the user to submit correct answers to previously established user-selected or administrator-defined questions before gaining access to the User Portal.

Q&A can be enabled or disabled globally within the Settings menu. When Q&A is used only for Emergency Access, it will not be required in the User Portal unless secure workflows are enabled.

Authorization Codes

Auth Codes add an extra level of security to either self-service or centralized workflows.

Auth Codes can either be given directly to the user by the administrator, security, or help desk personnel, or be emailed to the user. After receiving the Auth Code, the user must enter it in the User Portal before initiating any task. As with Q&A, Auth Codes can be enabled or disabled globally via the Settings menu.

Integrated Authentication

Microsoft Integrated Authentication provides the simplest secure access to both the User and Administrator’s Portals.

It is considered the preferred means of authenticating to both; however, it does not provide the added layer of security that Auth Codes do for secure access. By default, RapidIdentity Server supports Microsoft Integrated Authentication to both the User and Administrator’s Portals.