ProxyIdP offers a more secure way of authentication on top of passwords – the so-called Multi-Factor Authentication (MFA). Once activated, an additional form of authentication is required in addition to the required password, for example in the form of a verification code. This function makes it more difficult for potential attackers to misuse someone else’s account.
...
Expand | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||
|
Expand | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
|
...
If you are not sure whether your device can be used a security key, you can test it here: https://webauthn.io/?regUserVerification=discouraged&attestation=none&attachment=platform&algES256=true&algRS256=true&discoverableCredential=preferred&authUserVerification=discouraged Enter any username, e.g. “test”, and click register. If the registration is successful, your device has the security key capability and can be used for ProxyIDP MFA.
Note |
---|
When logging into a desktop application or a mobile app (e.g. Microsoft Teams), authentication with a security key will usually not work. This is because most applications do not open a regular browser window, only something like a WebView component, and this component is not allowed to access security keys on behalf of the ProxyIdP website for security reasons. Therefore it is necessary to also register verification codes, otherwise you will not be able to log in. |
Another option is to use a key fob that can be connected to both your computer and phone - such as YubiKey, GoTrust Idem Key or SoloKey. Authentication with a key fob usually means just one extra key press.
Technical information and a support table for various operating systems is available at passkeys.dev
Which services are protected by MFA
Adding the first token automatically sets up Multi-Factor Authentication for all services. Managing for which services multi-factor authentication is enabled is possible in the User Profile.
...