Login workflows for admin accounts

Strivacity provides several login workflows for you to choose from to protect your Admin Console.

This article provides a comprehensive overview of the login workflows for admin accounts in Strivacity. It outlines the different authentication steps and options available to administrators, ensuring secure access to the Admin Console.

Configuration

To set up a login workflow for admin accounts, follow these steps:

  1. Select Instance configuration from the left-hand menu.
  2. Go to Adaptive access under Admin policies.
  3. Find the left-hand panel in the page that opens and look for the Adaptive access policy login workflow.
  4. Select one of the options from the scroll-down menu.

Login workflow options

Login workflowJourney description
Username → MFA → PasswordThis requires the Strivacity admin to provide the username as the identifier, then an MFA method (as defined within the Multi-factor Authentication section of the policy), and then the Password.

Advantage: This workflow leverages the MFA method to prevent an attacker from locking out the admin account by exceeding the permitted number of password attempts.
Username → Password → MFAThis requires the Strivacity admin to provide the username as the identifier, and then they will be required to provide their password, followed by the MFA method (as defined within the Multi-factor Authentication section of the policy).
Passwordless (Username → MFA)The passwordless login workflow will not require the Strivacity admin to provide a password at all. The username is still used as the identifier, however, instead of using a password, this will only require an MFA method to be used.

Advantage: While it can be argued that using MFA and not using a password is just using a single factor, it removes the attack vector of the secret (the password) being stolen (and used) by an attacker entirely.
Username → Password (single factor only)Not recommended! Please do not protect your Strivacity instance using just a username and password!

📘

Passwordless workflow If an admin hasn't enrolled yet in an MFA method or step-down rules apply to the geographical region or IP address they are accessing your applications from, they will be asked to provide their password for authentication.