Users typically authenticate into OneLogin using a username and password. Your organization may require additional (multi-factor) authentication using other factors, such as a digital certificate or a one-time password (OTP). Once your identity has been established by OneLogin, it can authorize your access to other resources.
OneLogin multi-factor authentication methods include:
- PKI Certificates - These are issued by OneLogin and installed in the end-user's browser. Once a user has logged into OneLogin, it will validate that the certificate installed is the one registered to the user's record in OneLogin. For more information, see PKI Certificates.
- Security Questions - Security questions are one or more (usually personal) questions that are posed to the user as they log into their account. Correct answers validate the user's identity and sign them in. For more information, see Security Questions.
- OTP (one-time password) Applications and Devices - OTP apps and devices provide a constantly changing code that validates a user's identity. This is entered in addition to a user's login credentials to sign the user into their account.
Before multi-factor authentication is available to your users, you must add and configure the factors you want available for your users. For more information, see Adding Multi-Factor Authentication.
These factors must then be added to a User Policy that will apply the factor to a group of users. Additionally, the same authentication factor can be used to control access to applications by associating each app with an App Policy.