Versions Compared

Old Version 3

changes.mady.by.user Arto Vainiolehto

Saved on

compared with

New Version 4

changes.mady.by.user Arto Vainiolehto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create the first factor method

    1. SAML

    2. OpenID Connect

  2. Configure the SAML or OIDC identity provider to return end user’s email address for the Unregistered SMTP and mobile phone number for the Unregistered SMS.

  3. Create an attribute mapping which maps the attribute names to be exactly as specified below, which is what Unregistered SMTP and SMS method expect the attribute names to be and to contain correct information for the unregistered multi-factor authentication to work.

    1. phone_number for the mobile phone number.

    2. email for the email address.

  4. Create the second factor method

    1. Unregistered SMTP

    2. Unregistered SMS

  5. While not required, it’s useful to verify at this point that both work individually without the umfa configuration.

  6. To enable the second factor method to be used in unregistered multi-factor authentication, set configuration string mfa true for the second factor method.

    1. Possible to set with Management API or UI.PUT /method/unregistered.smtp
      configuration:mfa true

  7. Set the second factor method as the next factor method for the first factor method.

    1. PUT /method/oidc.1/$link/nextFactor/method/unregistered.smtp

...