Powered By GitBook
Creating an Adaptive MFA Policy
Learn how to create an Adaptive MFA policy to protect your portal or web application.
To create an Adaptive MFA policy, follow these simple steps. To use the Adaptive MFA policy once you've created it, simply follow the Assigning an Adaptive MFA Policy to an Application steps.
1) Start by logging into the Admin Console using an admin account
2) From the left-hand menu, select Adaptive MFA
3) Under the Adaptive MFA Policy screen, you will see a listing of all Adaptive MFA policies. If this is a new Fusion instance, then you will only see the Default Adaptive MFA Policy, as shown below:
Click to Enlarge
4) To create a new Adaptive MFA policy, click the + Create Policy button in the top right hand corner.
5) The Create Adaptive MFA Policy page will be displayed, as shown below:
Click to Enlarge
6) The tables below explains each of the options that can configured for an Adaptive MFA policy. Once you've setup your policy, click the Save button.
See Assigning an Adaptive MFA Policy to an Application for the next steps on how these settings can be applied to take effect.

Multi-factor Authentication

Setting
Description
Adaptive MFA Policy Name
Define a name for this Adaptive MFA Policy. This name is displayed in the Adaptive MFA Policy listing and used to refer to this policy throughout Fusion.
Adaptive MFA Policy Login Workflow
Strivacity Fusion provides several login workflows for you to choose from depending upon the customer journey that you wish to create.
See Login Workflow for a more detailed explanation of the these options.
Enable Passcode by Text Message
Once you enable this Multi-Factor Authentication option, it means that any customers using an application that you've assigned this policy too will be given the option to enroll this method and use it for authentication. Passcodes by text message are one-time use only and have lifetimes attached to them (see below).
Passcode by Text Message: Passcode Length
This is the length of the passcode that will be sent to the customer by text message (SMS). The default, minimum and recommended length is 6 characters (numbers). The maximum length is 8 characters (numbers).
Passcode by Text Message: Passcode Lifetime
This is the lifetime period that Fusion will still accept the passcode and typically means that your customers have this amount of time to use it before it expires. Once the lifetime has been exceeded the passcode will be invalidated by Fusion and the customer will need to restart the log in process.
Enable Passcode by Voice Call
Once you enable this Multi-Factor Authentication option, it means that any customers using an application that you've assigned this policy too will be given the option to enroll this method and use it for authentication. Passcodes by voice call are one-time use only and have lifetimes attached to them (see below).
Passcode by Voice Call: Passcode Length
This is the length of the passcode that will be read to the customer by a voice call. The default, minimum and recommended length is 6 characters (numbers). The maximum length is 8 characters (numbers).
Passcode by Voice Passcode Lifetime
This is the lifetime period that Fusion will still accept the passcode and typically means that your customers have this amount of time to use it before it expires. Once the lifetime has been exceeded the passcode will be invalidated by Fusion and the customer will need to restart the log in process.
Enable Passcode by Email
Once you enable this Multi-Factor Authentication option, it means that any customers using an application that you've assigned this policy too will be given the option to enroll this method and use it for authentication. Passcodes by email are one-time use only and have lifetimes attached to them (see below).
Passcode by Email: Passcode Length
This is the length of the passcode that will be sent to the customer by email (SMTP). The default, minimum and recommended length is 6 characters (numbers). The maximum length is 8 characters (numbers).
Passcode by Email: Passcode Lifetime
This is the lifetime period that Fusion will still accept the passcode and typically means that your customers have this amount of time to use it before it expires. Once the lifetime has been exceeded the passcode will be invalidated by Fusion and the customer will need to restart the log in process.
Enable Magic Link by Text Message
Once you enable this Multi-Factor Authentication option, it means that any customers using an application that you've assigned this policy too will be given the option to enroll this method and use it for authentication. Magic Links by text message are one-time use only and have lifetimes attached to them (see below).
Magic Link by Text Message: Lifetime
This is the lifetime period that Fusion will still accept the magic link and typically means that your customers have this amount of time to use it before it expires. Once the lifetime has been exceeded the magic link will be invalidated by Fusion and the customer will need to restart the log in process.
Enable Magic Link by Email
Once you enable this Multi-Factor Authentication option, it means that any customers using an application that you've assigned this policy too will be given the option to enroll this method and use it for authentication. Magic Links by email message are one-time use only and have lifetimes attached to them (see below).
Magic Link by Email: Lifetime
This is the lifetime period that Fusion will still accept the magic link and typically means that your customers have this amount of time to use it before it expires. Once the lifetime has been exceeded the magic link will be invalidated by Fusion and the customer will need to restart the log in process.
Enable Google Authenticator or other Soft Token
Once you enable this Multi-Factor Authentication option, it means that any customers using an application that you've assigned this policy too will be given the option to enroll this method using My Account and use it for authentication.
Google Authenticator/Soft Token: Passcode Length
This is the length of the passcode that will be configured in Google Authenticator or other Soft Token on the customers mobile device.
Google Authenticator/Soft Token: Passcode Offset
This is the time step value or variance that is allowed to accommodate any clock skew between the device on which Google Authenticator or other Soft Token is running and Strivacity Fusion.
Google Authenticator/Soft Token: Interval Time
This specifies the number of codes before or after the current code that Fusion will accept.
Google Authenticator/Soft Token: Label Name
This is the name displayed with Google Authenticator or other Soft Token, and unless a value is specified this will default to the Brand name specified in the Branding Policy for the application that this Adaptive MFA policy is assigned to.
See Setup and Manage Customer Notification for further information on how to customize and brand the Adaptive MFA notification email and text messages

Remember My Device

Setting
Description
Enable Remember My Device
This is used in conjunction with Multi-Factor Authentication. After the first login with MFA any future MFA steps will be bypassed until the number of days has elapsed or the device is removed from self-service.
Number of Days To Remember The Device
The number of days that any future MFA steps will be bypassed until the number of days has elapsed or the device is removed from self-service. This is 30 days by default.
Last modified 7d ago
Export as PDF
Copy link