Multi-Factor Authentication (MFA)

Checklist for Multi-Factor Authentication solutions

Basic Multi-Factor Authentication Requirements

It’s critical that your Multi-Factor Authentication (MFA) solution meets the basic requirements for secure identity and access management (IAM) solutions in a hybrid environment. Digital transformation today relies on a Unified Access Management (UAM) platform that includes at least basic MFA. Use the checklist below to make sure that your MFA solution offers the protection your company needs.

User Community Support

Does the MFA solution support all the user communities that access your sensitive data?

  • Workforce (employees and contractors)
  • Partners/Vendors
  • Customers

Application Integration

Does the MFA solution work with the cloud and on-premises apps that are critical to your organization?

  • Integration with cloud applications
  • Integration with on-premises applications
  • Integration with Human Resource Management Systems (HRMS), such as Workday or SuccessFactors
  • Directory integration, such as Active Directory or LDAP

Enterprise Access

Does the MFA solution support the network access systems your organization uses or might use?

  • VPN access
  • Wi-Fi access
  • SSH/RDP access
  • RADIUS integration

Authentication Methods

Does the MFA solution support the authentication tools that your organization uses?

  • Native mobile OTP authenticator (push-based)
  • Offline time-based verification codes (TOTP)
  • Hardware tokens, such as Yubico YubiKey
  • X.509–based certificates
  • Legacy authentication methods, such as SMS, security questions, or email

Flexible Authentication Policies

Does the MFA solution enable flexible and sophisticated authentication policies at a granular level?

  • Granular policies for different identities, apps, devices, and contexts
  • Allows for definition of different policies for various identities communities or applications
  • Customizable authentication flow
  • Risk-based decisions

Developer Support

Does the MFA solution provide APIs and support for integration with your custom applications and third-party systems?

  • MFA registration and life-cycle management APIs
  • SDK for major platforms and languages

Open Standards Support

Does the MFA solution support these popular, modern standards for secure connections to web applications?

  • SAML
  • OpenID Connect
  • OAuth2


Does the MFA solution provide reports that enable you to meet compliance requirements and enhance your security based on threat data?

  • Ability to externalize authorization events to third-party SIEM solutions
  • Out-of-the-box reports and audit trails
  • Ability to effect system change based on authorization events
  • Real-time information about access attempts

Advanced Requirements

Although any MFA solution should meet basic requirements, organizations making a successful digital transformation usually choose solutions that meet advanced requirements. MFA is evolving quickly. An advanced MFA solution ensures, from the start, that you aren’t behind the curve.

Behavioral Analytics

Does the MFA solution use behavioral analytics to intelligently adapt, and does it require different authentication factors?

  • Familiarity signals
  • Attack signals
  • Anomalies (user behavior and context signals)
  • Continuous authentication

Device Trust

Does the MFA solution take into account information about the device being used for authentication?

  • Device health, including version, tampered, lock, encryption, browser plug-in, and more
  • Device reputation
  • X.509–based certificates
  • Integration with mobile device management (MDM)

Users and devices

Does the MFA solution support user access via multiple devices, and does it account for different types of users and user roles?

  • Support for multiple devices
  • Support for different user communities, such as employees, contractors, partners, IT administrators, and customers

General considerations

Can you integrate the MFA solution with your custom apps and in your organization without having to replace or significantly modify existing solutions?

  • Enables integration into your custom apps via an API
  • Enables incorporation of MFA without the need to rip and replace other solutions

Related Resources:

What is MFA?

Learn why you need MFA to protect your data and repel cyberattacks.

Read More

What Attacks does MFA repel?

Learn how MFA helps prevent common cyberattacks and security breaches.

Read More

What is Adaptive Authentication?

Find out how Adaptive Authentication provides a better user experience while protecting corporate resources.

Read More