Elastic SSO: Strong Access Security with Multi-Factor Authentication
Elastic SSO (ESSO) Multi-Factor Authentication (MFA) provides an extra level of security that ESSO administrators can enable for their end-users for accessing their authorized Apps. ESSO MFA is compatible with devices and virtual devices that support RFC 6238 (also known as OATH TOTP) such as:
With ESSO MFA enabled, when a user signs in to an website or portal or webapp, they are prompted for their username and password (the first factor – what users know), as well as for an authentication code from their Google or AWS MFA enabled device (the second factor – what users have). The MFA enabled device generates a time based code that is in sync with the server based on a secret key that is pre-established when the user enables it. Taken together, these multiple factors provide increased security while accessing enterprise and cloud hosted online resources.
ESSO administrators can enable this MFA capability as an option for their end-users. Once the MFA capability is enabled by the ESSO administrator, End-users in-turn can then choose to enable or disable this feature for themselves.
Learn more about AWS MFA and Google Authenticator.
