Overview - MFA User Self Services
Users can seamlessly, quickly, and securely set up Multifactor Authentication for their accounts using cidaas' end-user self services.
Once the users are registered with your organization, cidaas' User Self-Service Portal helps set up Multifactor authentication for their account using the cidaas mobile app's authenticator feature.
Important Concepts to Know
Before setting up cidaas' MFA services on your app portal, here are the key concepts you should know.
1. The cidaas user account should be created by the admin for the app.
2. The cidaas mobile app should be downloaded and installed from the Play Store or App Store, depending on your mobile OS. This app is useful as a companion for instant user verification and authentication when linked to your app account using the Authenticator feature.
3. The end-user's account should be set up and linked to the cidaas Authenticator feature either using QR Code scanning or a Setup Key which will set up one or more authentication methods.
The next step is to set up your account on the cidaas Authenticator app and link it to the self-service app integrated with cidaas' IAM services or the cidaas Admin dashboard.
Multifactor Authentication Methods
If the end-user does not wish to log in to the app portal using the conventional ID and password credentials, they can configure one or more of the following authentication methods on the login page.
The following options are configured by default and appear on the login page:
1. Email: cidaas sends a six-digit verification code to the user's registered email address that has to be entered by the user on the login page. Learn more.
2. Text Message: A six-digit verification code is sent via SMS to the user's registered mobile number, which should be keyed in correctly for signing in. Learn more.
3. Password: Type the valid password linked to the user account to sign in.
The following MFA options need to be set up explicitly by the user on the third-party app portal using the cidaas authenticator app:
1. IVR: A six-digit verification code is given to the user by cidaas' Interactive Voice Response agent over a voice call to the user's registered mobile number. Learn More.
2. Backup Code: This option is useful when the user can't get codes by text, call, or the Authenticator app. An 8-digit backup code can be used to sign in to the user's account. Once a backup code is used to sign in, it becomes inactive. The user can get a new set of backup codes on request. cidaas offers 10 backup codes. Learn More.
3. FIDO2: Fast ID Online 2 is a set of technology-agnostic security specifications for strong authentication. It was developed to introduce open and license-free standards for secure, worldwide authentication over the Internet.
This standard uses public-key cryptography to guarantee a secure and convenient authentication system. To achieve this, the FIDO2 standard uses a private and a public key to validate each user’s identity. To use FIDO2 authentication, you’ll first have to sign up for it on the user self-service portal (either cidaas' or the web app service provider's). Selecting this service will generate a FIDO2 authentication key pair.
Your FIDO2 device sends the public key to the service, while the private key containing sensitive information stays on your device. Once the secure communication path is enabled, the setup credentials are stored permanently, allowing for later logins. The next time you want to log in to a FIDO2 service, you have to follow these steps:
a. Provide your username and email.
b. The service will give you a cryptographic challenge.
c. You use your FIDO2 key to sign the challenge.
The service’s server verifies your response and gives you access to your account. Learn More.
4. Face Recognition: A facial recognition system is a technology capable of matching a human face from a digital image or a video frame against a database of faces, typically employed to authenticate users through cidaas' verification services. This authentication mechanism on cidaas works by pinpointing and measuring facial features from the user's image captured during initial configuration. Learn More
5. Touch ID: Apple Touch ID is a passwordless authentication mechanism that uses a fingerprint sensor built into either the home button or the power button of an iOS device for user authentication. Touch ID doesn't store any images of fingerprints, but it does store a "mathematical representation" of fingerprints that is unique to a human user. Learn More
6. Voice Recognition: Voice recognition is a biometric speech-based method measuring the distinctions in individual voices to uniquely identify users. Instead of a password, which might be forgotten or not strong enough to ensure security, voice authentication allows people to use their voices themselves as passwords. Learn More
7. Pattern Recognition: Pattern Recognition is the process, performed by special algorithms, of distinguishing and segmenting data according to the geometrical pattern set on a device. Learn More
8. PUSH: This feature generates a six-digit code every 30 seconds. The user has to log into the app or service which asks for the two-factor authentication code. Entering the correct code authenticates the user successfully. Learn More
9. TOTP: Time-based One-time Password (TOTP) is a computer algorithm that generates a one-time password (OTP) that needs to be verified by the user within a limited time for passwordless authentication. Learn More
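The FIDO2 login steps a to c above, as an added example that is not cidaas code and not part of the original page. It assumes ECDSA P-256 keys and signs the raw challenge for brevity; `RelyingParty`, `registerAuthenticator`, `signChallenge` and the user name are hypothetical.

```javascript
// Added illustration of the FIDO2-style login steps; not cidaas code. Simplified: real WebAuthn
// signs authenticatorData || SHA-256(clientDataJSON), which also binds the origin.
const nodeCrypto = require('node:crypto');

// Registration: the key pair is created on the device; only the public key leaves it.
function registerAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
// Step c: the authenticator signs the challenge with its private key.
function signChallenge(privateKey, challenge) {
  return nodeCrypto.sign('sha256', challenge, privateKey);
}

class RelyingParty {
  constructor() {
    this.publicKeys = new Map(); // username -> stored public key (PEM)
    this.pending = new Map();    // username -> outstanding challenge
  }
  enroll(username, publicKeyPem) { this.publicKeys.set(username, publicKeyPem); }
  // Step b: issue a fresh, unpredictable challenge for a known user.
  issueChallenge(username) {
    if (!this.publicKeys.has(username)) throw new Error('unknown user');
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(username, challenge);
    return challenge;
  }
  // Server check: the signature must cover the challenge issued for this login.
  verifyLogin(username, signature) {
    const challenge = this.pending.get(username);
    if (!challenge) return false;   // nothing outstanding, or already consumed
    this.pending.delete(username);  // single use: a captured response cannot be replayed
    return nodeCrypto.verify('sha256', challenge, this.publicKeys.get(username), signature);
  }
}

// Constructed scenario: one valid login, a replay, and a signature over other data.
function demo() {
  const rp = new RelyingParty();
  const device = registerAuthenticator();
  rp.enroll('alice', device.publicKeyPem);
  const sig = signChallenge(device.privateKey, rp.issueChallenge('alice'));
  const first = rp.verifyLogin('alice', sig);
  const replay = rp.verifyLogin('alice', sig);
  rp.issueChallenge('alice');
  const other = signChallenge(device.privateKey, Buffer.alloc(32));
  return { first, replay, wrongChallenge: rp.verifyLogin('alice', other) };
}
```

`demo()` returns `first: true` and `false` for both the replayed response and the signature over a different challenge.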
This completes our discussion on cidaas' End-user Self-service portal.
Should you have any questions or need further assistance, please contact our support team.
We'll be happy to help. Thank you!