Device Code Flow
This feature is currently available only to customers participating in a Private Preview. If you'd like to participate and be among the first to try this feature, ask our support or account team for details.
The Delinea Platform supports Multi-factor Authentication (MFA) on endpoints using Device Code Flow. This feature enables secure authentication using external authentication sources such as mobile devices or workstations with an interactive web browser. By integrating MFA with Device Code Flow, users can verify their identity by entering a randomly generated code on a second, separate hardware device, ensuring compliance with security policies and unlocking additional MFA challenges such as FIDO2.
The feature works on Windows, Linux, and Unix operating systems. It requires agent 6.2.0 or greater for Privilege Control for Servers or Server Suite.
Setup and Prerequisites
To use the Device Code Flow feature, a user must be assigned to an authentication profile with an applicable authentication challenge. Examples include SSO, Duo Universal Authenticator, or a FIDO2 authenticator. See Adding a New Authentication Profile.
Usage
- User logs in to the endpoint or requests elevation.
- Agent reaches out to the platform for MFA options.
- User is presented with directions to access {tenant}.Delinea.app/devicecode and is presented with an 8-digit code.
- User opens a web browser on a workstation or mobile device, navigates to the URL, and types in the code.
- Platform redirects MFA to the IdP (Entra, Ping, Okta) or challenges with a platform MFA method such as FIDO2/YubiKey.
- User is allowed to log in or elevate on the respective endpoint.
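The steps above, modeled as a small in-memory state machine. This is an added example, not Delinea code or its API: the class and method names, the 300-second code lifetime, and the single-use handling are assumptions the page does not state.

```python
import secrets
import time

CODE_TTL = 300  # assumed lifetime in seconds; the page does not state one


class Platform:
    """Toy model of the platform side of the flow (hypothetical names)."""

    def __init__(self, now=time.time):
        self.now = now
        self.sessions = {}  # 8-digit code -> session record

    def start(self, user, endpoint):
        # Agent asks for MFA options; platform returns the code shown to the user.
        code = f"{secrets.randbelow(10**8):08d}"
        while code in self.sessions:  # never reuse a live code
            code = f"{secrets.randbelow(10**8):08d}"
        self.sessions[code] = {"user": user, "endpoint": endpoint,
                               "expires": self.now() + CODE_TTL,
                               "state": "pending"}
        return code

    def submit_code(self, code, mfa_ok):
        # User typed the code in a browser; mfa_ok is the result of the
        # IdP redirect or platform challenge (e.g. FIDO2).
        rec = self.sessions.get(code)
        if rec is None or rec["state"] != "pending" or self.now() > rec["expires"]:
            return False
        rec["state"] = "approved" if mfa_ok else "denied"
        return mfa_ok

    def poll(self, code):
        # Agent checks whether the login or elevation may proceed.
        rec = self.sessions.get(code)
        if rec is None:
            return "unknown"
        if rec["state"] == "pending" and self.now() > rec["expires"]:
            rec["state"] = "expired"
        if rec["state"] != "pending":
            del self.sessions[code]  # a code decides exactly one request
        return rec["state"]


if __name__ == "__main__":
    p = Platform()
    code = p.start("alice", "srv01")  # constructed sample user and endpoint
    print("enter at {tenant}.Delinea.app/devicecode:", code)
    p.submit_code(code, mfa_ok=True)
    print("agent sees:", p.poll(code))
```

In this model the agent proceeds only on `approved`; `denied`, `expired` and `unknown` all leave the login or elevation blocked.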