Default adaptive MFA policy
Learn more about the configuration and best practices baked into the default Adaptive MFA policy.
The default Adaptive MFA policy is automatically assigned on a per-application basis and is in use from the moment that you start using Strivacity, so there is nothing you need to do to get best-practice security for your customer accounts.
Adaptive MFA policies help enhance the security of your customers' accounts. They're also required for setting up an application.
You don't have to create an adaptive MFA policy from scratch to see it work in action. Strivacity's default Adaptive MFA policy comes with pre-configured multi-factor methods that you can apply immediately to an application.
You can find out more about creating and assigning adaptive MFA policies to applications at Creating an adaptive policy and Assigning an adaptive MFA policy to an application.
In addition to the default settings, you can also set up platform-based authentication, allow your customers to enroll their roaming authenticators, switch on bot, anonymous proxy / Tor, and improbable travel detection, or apply behavior analytics for recognizing trusted online behaviors.
Here's a rundown of the default adaptive MFA policy settings:
Setting | Default Value | Description |
---|---|---|
Adaptive MFA Policy Name | Default | This is the name the policy is referenced by in the Admin Console. |
Adaptive MFA Policy Login Workflow | Username -> MFA -> Password | This will provide a customer journey that requires the customer to provide the username as the identifier, then an MFA method and then the Password. This workflow uses the MFA method to prevent an attacker from locking out the customer's account by exceeding the permitted number of password attempts. |
Email method | Enabled and optional | Customers can decide to enroll an email authenticator in their self-service accounts. One-time passcode and Magic Link factors are both allowed by default. Their lifetime is set to 6 minutes by default. The passcode length is set to 6 characters by default. |
Phone method | Enabled and optional | Customers can decide to enroll a phone authenticator in their self-service accounts. The passcode length is set to 6 characters by default. |
Soft token | Enabled and optional | Customers can decide to enroll an authenticator application of their choice in their self-service accounts. |
Device recognition | Enabled | This option allows customers to mark the devices they use for login as trusted ones. This way, they are stepped down from any multi-factor authentication that would otherwise be required of them. |
Device recognition opt-in | Enabled | The 'Remember my device' option in the customer login journey is set to appear with a selected checkbox. |
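
The lockout argument behind the default Username -> MFA -> Password workflow can be checked with a small model. This is an added example, not Strivacity code: the lockout threshold, the function names, and the sample credentials are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

MAX_PASSWORD_ATTEMPTS = 5  # assumed lockout threshold, not a value from this page

@dataclass
class Account:
    password: str
    mfa_code: str              # stands in for whichever factor the customer enrolled
    failed_passwords: int = 0

    @property
    def locked(self) -> bool:
        return self.failed_passwords >= MAX_PASSWORD_ATTEMPTS

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def _check_password(acct: Account, password: str) -> str:
    if acct.locked:
        return "locked"
    if _same(password, acct.password):
        acct.failed_passwords = 0
        return "ok"
    acct.failed_passwords += 1          # every wrong guess counts toward lockout
    return "locked" if acct.locked else "bad_password"

def login_password_first(acct: Account, password: str, mfa_code: str) -> str:
    """Username -> Password -> MFA: the password counter is reachable by anyone."""
    result = _check_password(acct, password)
    if result != "ok":
        return result
    return "ok" if _same(mfa_code, acct.mfa_code) else "bad_mfa"

def login_mfa_first(acct: Account, mfa_code: str, password: str) -> str:
    """Username -> MFA -> Password: no factor, no password attempt."""
    if not _same(mfa_code, acct.mfa_code):
        return "bad_mfa"                # password counter is never touched
    return _check_password(acct, password)

def customer_result_after_guessing(workflow: str, guesses: int = 20) -> str:
    """Someone who knows only the username guesses; then the real customer logs in."""
    acct = Account(password="correct horse", mfa_code="493027")  # constructed values
    for i in range(guesses):
        if workflow == "password_first":
            login_password_first(acct, f"guess{i}", "000000")
        else:
            login_mfa_first(acct, "000000", f"guess{i}")
    if workflow == "password_first":
        return login_password_first(acct, "correct horse", "493027")
    return login_mfa_first(acct, "493027", "correct horse")
```

The model covers only the password-attempt counter; any limits applied to the MFA step itself are outside it.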
Updated 9 months ago