General settings: an overview

Strivacity provides several built-in login workflows to choose from when planning your customer journey. Learn about the basic settings of your adaptive MFA policy here.

SettingDescription
Adaptive MFA policy nameThe name of the Adaptive MFA policy (mandatory). The policy will be referenced by this name in Strivacity
Adaptive MFA policy login workflowYou can select from built-in login workflows to set up a customer journey for your application
Enable MFA for external logins

You can enable this option if you would like to use Strivacity's MFA enrollment and authentication for external logins instead of the external provider's MFA

Device recognition is not available for external identities


This option is disabled by default

Adaptive MFA general settingsAdaptive MFA general settings

Adaptive MFA general settings

Login workflows

Strivacity Fusion lets you add a unique customer journey with its own login workflow to each of your Applications.

Login workflowCustomer journey
Username → MFA → Password

The default workflow for Strivacity included within the default Adaptive MFA policy.

Requires an identifier from the customer, then an MFA method, finally, their password.

This workflow prevents account lockout that otherwise occurs by password brute-force attacks.

Username → Password → MFARequires an identifier from the customer, then their password, finally, the customer is stepped up to MFA.
Passwordless (Username → MFA)

Requires an identifier from the customer, then the customer is stepped up to MFA.

No password required.

While this workflow arguably only applies a single factor, it removes the attack vector of the secret (the password) being stolen (and used) by an attacker entirely.

Username → Password (single factor only)The username and password workflow is just that!

📘

Passwordless workflow: if your customer hasn't enrolled yet in an MFA method or step-down rules apply to the geographical region or IP address they are accessing your applications from, they will be asked to provide their password for authentication.