Multi-factor Authentication (MFA)
Make sure your users are who they say they are.
What is MFA?
MFA gives you assurance that users are who they say they are. It requires them to prove their identity by providing at least two pieces of evidence, each one from a different category. These categories include: something they know, something they have and something they are.
How Does MFA Benefit My Business?
Prevent Data Breaches
Weak and default passwords or passwords stolen through phishing and other attack methods are still being used to execute successful fraud attacks and data breaches. Confirming the identities of your employees, partners and customers through MFA thwarts attackers.
Passwordless Authentication
You have the option of using stronger authentication methods like mobile push authentication, QR codes and FIDO-compliant authenticators instead of credentials to enable passwordless login.
Happier Users
Adaptive MFA can leverage frictionless, contextual and behavioral data such as geolocation, IP address and time since last authentication in order to assess risk. Based on risk, you can add step-up authentication factors to gain a higher level of assurance about a user’s identity when warranted.
What Capabilities Does Ping MFA Offer?
Ping's MFA solution enables:
Adaptive and risk-based authentication policies to balance security and productivity
Variety of authentication methods such as facial recognition and fingerprint
MFA embedded into your mobile app
Dashboards for admin insights into MFA usage and SMS costs
How Risk-Based, Adaptive MFA Works
Check First Factor
The user starts by requesting a resource and has to input their first factor of authentication which is most often a password (but doesn’t have to be). Ping’s authentication and SSO capabilities enable you to accept stronger, more convenient methods—such as biometrics—as the first factor.
Consider Risk and Context
When you add MFA everywhere without making it adaptive based on the context and risk of the situation, you’re adding unnecessary friction. Instead, Ping’s MFA policies look at the context and decide whether or not a second factor is needed at all.
Approve or Step Up Authentication
Based on the context and risk of the access request and resource, Ping’s MFA service either approves the low-risk access request right away or it sends a second factor request to the user. It will do this before sending the higher-risk access approval back to the authentication authority.
How Do I Get Started with Passwordless MFA?
Passwordless MFA is the term used when an authentication flow doesn’t include a password as one of the security factors, while also leveraging more than one advanced authentication mechanism to determine if a user is who they say they are. By utilizing risk policies, biometrics, device trust and more, you can make logins more secure and frictionless for everyone.
Integrating Passwordless MFA Into Your Business
The first step to integrating passwordless MFA into your business is through centralized authentication, which provides the foundation for passwordless to scale across your organization. The second step is risk-based MFA which adds intelligence, enabled by biometrics and dynamic risk scoring. Finally, utilize FIDO which helps prevent phishing attacks with trusted devices. The ultimate destination? Frictionless login for continuous authentication in a mature Zero Trust environment.
A step-by-step passwordless journey:
Centralized Authentication
Risk-based MFA
FIDO Login
Frictionless
Modern MFA vs. Legacy MFA
Modern MFA improves user experience and security by enabling context-based adaptive authentication and broad self-service capabilities. Admins can use APIs, SDKs and integration kits to make implementation with existing infrastructure a breeze. All of this in a cloud-based solution means minimal effort and oversight to run effectively.
Seamless MFA for Hybrid IT Environments
Today’s enterprises prioritize cloud-first initiatives and deployments, but the reality is that large enterprises still have many existing on-premises applications. To effectively secure all of the applications in your hybrid IT environment and cloud transition, your enterprise needs an adaptive MFA solution that supports all your use cases for both on-premises and multi-cloud environments.
Ping Products That Deliver MFA
PingOne for Workforce
MFA is part of a complete cloud solution for seamless, secure employee experiences
PingOne for Customers
MFA is part of a complete cloud solution for seamless and secure customer experiences
PingOne MFA
Cloud multi-factor authentication for customers
PingID
Cloud multi-factor authentication for employees and partners
Fast and Simple MFA Integrations
Improving security doesn’t have to be a headache. You can implement strong authentication in a matter of minutes. To make deployments easy, you’ll need out-of-the-box integrations to VPNs, applications like Office 365 as well as easy-to-use APIs. Plus, self-service features for your end users and simple administration can make your MFA rollout effortless.
MFA Integration Highlights
Customer Spotlight:
The PingOne Cloud Platform Provides SSO and MFA for Pameijer’s Employees and Clients.
With General Data Protection Regulation (GDPR) coming into effect, Pameijer required a standards-based SSO and MFA approach that would satisfy both privacy and security regulations. One-touch swipe authentication from a mobile device makes signing in easy and safe for clients who struggle with technology. This user experience was fully customizable to Pameijer’s needs.
More MFA Success Stories To Explore:
See how Ping helped Inchcape consolidate disparate access management systems into a unified SSO and MFA solution.
Learn why DB Schenker chose Ping Identity to implement FIDO2-enabled MFA and consolidate identity and access management (IAM).
Read how Ping assisted GCU in replacing their legacy federation system with a standards-based, MFA-ready platform.
Related Resources