Configuring multi-factor authentication
OpenIAM supports multiple authentication options including:
- Password based authentication (default).
- Certificate based authentication.
- Multi-factor authentication (MFA) using a one-time passcode (OTP) over SMS, e-mail, IVR.
- MFA using the OpenIAM mobile application.
- MFA using a FIDO2 device.
In addition to the various types of authentications, OpenIAM also supports adaptive authentication rules, which can be used to create authentication workflows.
Configuring SMS and SMTP
Depending on the authentication type you need, there are some steps required to enable the authentication process to work.
In case a multi-factor authentication (MFA) option using a one-time passcode (OTP) over SMS or e-mail was chosen, there is a need to configure SMS or SMTP.
Hence, use this document to configure OTP via SMS.
To configure Email OTP Provider, use the document by the link containing a step-by-step instruction on how to configure SMTP.
Configuring authentication policy
Authentication policies are used to define general parameters to control authentication behaviour. These include the following parameters:
- failed authentication count;
- auto unlock;
- session token life.
This configuration determines whether OpenIAM functions as an identity provider (IdP) or a service provider (SP).
Configuring authentication policy is a needed step in configuring the authentication process. To perform that, use the document by the link.
Associating with a content provider
After creating an authentication policy, you need to create an authentication provider and associate (aka connect) it to a content provider. It can appear as a complicated procedure, however, this guide provides all the necessary steps for associating with a content provider.