Two-factor authentication (2FA)

To strengthen the security of an authentication process, two-factor authentication can be used. In this scenario, the usual login+password authentication is extended by using some other factor that does not rely on the user remembering something.

It usually means that user proves their identity by being of possession of something - an email address, a phone number to send SMS to, or a mobile phone with an installed application.

IAM appliance’s CAS supports following 2FA methods:

  • OTP tokens via e-mail

    • The OTP token is sent by e-mail to user’s registered address. User does not need to have any special device or application paired with the CAS.

  • OTP tokens via SMS

    • The OTP token is sent by SMS to the user’s mobile phone. User needs to have access to the phone number the token is sent to.

  • Google Authenticator

    • User must install Google Authenticator (other compatible TOTP apps should work too) and register it with CAS. During authentication, user enters the six-digit code generated by the authenticator app into the access manager’s login form.