This topic describes the options to implement two-factor authentication (2FA)/multi-factor authentication (MFA) within Syncplicity if single sign-on (SSO) is enabled.
For details on user authentication, see About user authentication.
For details on configuring SSO, see Configuring single sign-on.
2FA/MFA
By enabling SSO, Syncplicity authenticates your company users via your IdP, including any 2FA/MFA configured in your IdP. If your SSO currently requires specific user authentication, Syncplicity will support/utilize the same requirements, such as:
- User name
- Password
- RSA SecureID
Mobile devices with no SSO
There are two scenarios that can be used to implement 2FA/MFA for your mobile device users that are not SSO enabled.
- Scenario 1: If you are using Mobile device management (MDM) to monitor, manage, and secure your employees' mobile devices, then your company's MDM solution should be capable of implementing 2FA/MFA on mobile devices.
- Scenario 2: If your employees' mobile devices are unmanaged (for example, their personal devices), your admin can use a Syncplicity mobile setting policy to set a second authentication step (2FA). This setting would force your mobile device users to additionally enter their security PIN/passcode.
For details on the mobile security policies, see the article Mobile security policies.