Add Multi-Factor Authentication
# Add Multi-Factor Authentication
Multi-Factor Authentication (MFA) allows you to grant access to your resources by using two (2-Factor) or more (Multi-Factor) factors to authenticate users. If one factor is compromised or broken, an attacker still has at least one more barrier to breach before successfully breaking into the resource. MFA provides an additional layer of security to the resource.
Authentication factors in MFA relies on two or more independent credentials of the three categories given below.
- Knowledge factor - Something you know, such as a password or a PIN.
- Possession factor - Something you have, such as a FIDO key or an ATM card.
- Inherence factor - Something you are, such as your fingerprint or your iris pattern.
In Asgardeo, the default authentication mechanism is username and password.
The Asgardeo console allows configuring multi-step authentication where you can define an authentication chain containing different authenticators in each step. By adding different authenticators, you can achieve a login flow secured by multiple factors.
You can choose to replace the username and password authentication with social or enterprise logins and add a few more authenticators to build your authentication chain.
# Configure multi-factor authentication
- On the Asgardeo console, navigate to Develop > Applications and select the application to which MFA needs to be added.
- Go to Sign-in Method.
- Select Add Authentication in the step that you want to add an additional factor of authentication.
- Select a factor and click Add.
- Click Update.