Configuring multi-factor authentication

OpenIAM supports multiple authentication options including:

  • Password-based authentication (default).
  • Certificate-based authentication.
  • Multi-factor authentication (MFA) using a one-time passcode (OTP) over SMS, e-mail, or IVR.
  • MFA using the OpenIAM mobile application.
  • MFA using a FIDO2 device.

In addition to the various types of authentication, OpenIAM also supports adaptive authentication rules, which can be used to create authentication workflows.

Configuring SMS and SMTP

Depending on the authentication type you need, some steps are required before the authentication process will work.

If you chose a multi-factor authentication (MFA) option that uses a one-time passcode (OTP) over SMS or e-mail, you need to configure SMS or SMTP.

Use this document to configure OTP via SMS.

To configure the Email OTP Provider, follow the linked document, which gives step-by-step instructions for configuring SMTP.

Configuring authentication policy

Authentication policies are used to define general parameters to control authentication behavior. These include the following parameters:

  • failed authentication count;
  • auto unlock;
  • session token life.

This configuration determines whether OpenIAM functions as an identity provider (IdP) or a service provider (SP).

Configuring an authentication policy is a required step in configuring the authentication process. To do so, follow the linked document.

Associating with a content provider

After creating an authentication policy, you need to create an authentication provider and associate (that is, connect) it with a content provider. This can appear to be a complicated procedure; however, this guide provides all the necessary steps for associating with a content provider.