Using Multi-Factor Authentication

The Delinea Platform provides cloud-based, flexible multi-factor authentication (MFA) as powerful as many retail MFA products and services. It is strongly recommended that all administrators and business users on the platform be required to use multi-factor authentication (MFA) to log in.

About MFA

Platform MFA has two components: Creating Authentication Profiles and Creating Identity Policies.

• An identity MFA profile determines which MFA challenges are presented to a user (see Creating Authentication Profiles).

• An identity policy determines whether and when a user is presented with the challenges in their assigned MFA profile (see Creating Identity Polices).

For more information about MFA on the Delinea Platform, see the following sections:

• Creating Identity Policies. Enabling MFA on the platform requires setting up identity policies and assigning them to users. An identity policy determines whether and when a user is presented with the challenges specified in the associated MFA profile.

• Creating Authentication Profiles. Enabling MFA on the platform requires setting up authentication profiles. An authentication profile specifies the authentication challenges required to log in to the platform, and the length of time that must elapse before a user is re-prompted for authentication.

• Using MFA Providers. Configuring MFA providers provides an additional layer of security to ensure proper authentication for users accessing the Delinea Platform.

• Using MFA for Secrets. Multi-factor authentication (MFA) for secrets gives platform administrators the option to add one or more security requirements to access defined secrets.

• Configuring IWA. The Delinea Platform can accept an Integrated Windows Authentication (IWA) connection as sufficient authentication for users with Active Directory accounts to log in to the platform.

• Using Corporate IP Range. The Corporate IP Range function is used to define IP ranges for both internal and external networks and to define authentication requirements, such as the locations or IP ranges from which users can log in to the Delinea Platform.

• Login Flow for the Delinea Platform Portal (MFA). The Delinea Mobile app can be used as an MFA mechanism for logging in to the Delinea Platform. Also see Delinea Mobile Log in Process.

• MFA Providers: Configuring MFA providers adds an additional layer of security to ensure that users accessing the Delinea Platform are properly authenticated:

  • Using Duo Authentication

  • Using RADIUS Authentication