MFA Guides


One key area to consider is the type of workflows the organization plans to support.

Generally, supported workflows include numerous self-service and centralized administration.

Table 5. Workflow Types




A Self-Service workflow enables users to complete all but the most secure workflows on their own, without involving the assistance of an administrator or the help desk.

When coupled with the use of Q&A, Authorization Codes or both, self-service workflows are considered secure. Organizations wanting to decentralize administration and reduce the overall administrative burden on administrators and help desk personnel should consider these workflows.


A Centralized workflow enables administrators to maintain fine-grain control over the manner in which users interface with the system. These workflows are considered more secure relative to self-service workflows because the user is required to interface with an administrator or help desk personnel.


A Hybrid workflow enables organizations to perform common self-service workflows while simultaneously centralizing key security workflows, such as offline unblocking of a smart card or resetting Q&A that was forgotten by the user.