Adaptive Multi-Factor Authentication (MFA)
Guard your business and your users against unauthorized access to your network, applications and sensitive data.
Add an extra layer of protection by requiring users to provide two or more verification factors when logging in.
Try Asgardeo
What is Adaptive MFA?
MFA offers an extra layer of protection against unauthorized access by requiring users to provide two or more verification factors when logging in to a resource. These factors may include something the user knows (such as a username/password or PIN), something the user possesses (such as a USB security key), or a biometric factor (such as a fingerprint or facial scan).
Adaptive MFA adds flexibility and ease of use by adjusting the security requirements for each user login, according to its specific circumstances. For example, an adaptive MFA policy may require additional authentication steps if a user is trying to log in from an unusual location, using an unfamiliar device, or attempting to access a particularly sensitive application.
Adaptive MFA works with a broad range of authentication tools to add security, such as one-time passwords (OTP) through email or SMS, FIDO2-compliant security keys, hardware tokens, WebAuthN for biometric factors, plus a range of third-party options such as authenticator apps, Duo Security, and TypingDNA.
Benefits of Adaptive MFA
Usernames and passwords are an important element of security, but are vulnerable to brute force attacks and theft by cyber criminals. The core benefit of adaptive MFA is that it enhances security by requiring users to identify themselves with more than just a username and password. Using MFA has been shown to reduce account takeovers by up to 99.9%.1
For Internal Workforce
Adaptive MFA provides powerful protection against cybersecurity threats such as phishing or brute force password attacks. Even if an attacker obtains or guesses a user’s credentials, the attack can’t proceed without the additional authentication factors required for login.
For External Consumers and Business Customers
Adaptive MFA helps prevent fraudulent activity by providing greater assurance of the identity of external users before allowing access to important apps or proceeding with sensitive transactions. Adaptive MFA also lets users have greater confidence that their personal information is safe when access to it is well protected.
How Does Adaptive MFA Work?
Validate the First Authentication Factor
When a user attempts to access a resource, the adaptive MFA system checks the first authentication factor (commonly username and password, or a passwordless method) before proceeding.
Evaluate Context and Risk Level
The policy engine evaluates login context—such as requested resource, location, or time since last login—to determine the risk level and whether additional authentication is required.
Approve Access or Step Up Authentication
Low-risk requests are approved seamlessly, while higher-risk attempts require additional factors based on configurable policies—balancing strong security with minimal user friction.
