Login workflows for admin accounts

Strivacity provides several login workflows for you to choose from to protect your Admin Console.

Admin adaptive MFA general settingsAdmin adaptive MFA general settings

Login workflowJourney description
Username → MFA → Password

This requires the Strivacity admin to provide the username as the identifier, then an MFA method (as defined within the Multi-factor Authentication section of the policy), and then the Password.

Advantage This workflow leverages the MFA method to prevent an attacker from locking out the admin account by exceeding the permitted number of password attempts.

Username → Password → MFAThis requires the Strivacity admin to provide the username as the identifier, and then they will be required to provide their password, followed by the MFA method (as defined within the Multi-factor Authentication section of the policy).
Passwordless (Username → MFA)

The passwordless login workflow will not require the Fusion admin to provide a password at all. The username is still used as the identifier, however, instead of using a password this will only require an MFA method to be used.

Advantage While it can be argued that using MFA and not using a password is just using a single factor, it removes the attack vector of the secret (the password) being stolen (and used) by an attacker entirely.

Username → Password (single factor only)Not recommended! Please do not protect your Fusion instance using just a username and password!

📘

Passwordless workflow If an admin hasn't enrolled yet in an MFA method or step-down rules apply to the geographical region or IP address they are accessing your applications from, they will be asked to provide their password for authentication.