Multi-Factor Authentication

The Delinea Platform provides cloud-based, flexible multi-factor authentication (MFA) as powerful as many retail MFA products and services. It is strongly recommended that all administrators and business users on the platform be required to use multi-factor authentication (MFA) to log in.

About MFA

Platform MFA has two components: Creating Authentication Profiles and Creating Identity Policies.

• An authentication profile determines which MFA challenges are presented to a user (see Creating Authentication Profiles).

• An identity policy determines whether and when a user is presented with the challenges in their assigned MFA profile (see Creating Identity Polices).

For more information about MFA on the Delinea Platform, see the following sections:

• Creating Authentication Profiles. Enabling MFA on the platform requires setting up authentication profiles. An authentication profile specifies the authentication challenges required to log in to the platform, and the length of time that must elapse before a user is re-prompted for authentication.

• Creating Identity Policies. Enabling MFA on the platform requires setting up identity policies and assigning them to users. An identity policy determines whether and when a user is presented with the challenges specified in the associated MFA profile.

• Using MFA Providers. Configuring MFA providers provides an additional layer of security to ensure proper authentication for users accessing the Delinea Platform.

• Using MFA for Secrets. Multi-factor authentication (MFA) for secrets gives platform administrators the option to add one or more security requirements to access defined secrets.

• Using a FIDO2 Security Key: To use a hardware security key such as FIDO2, you must set it up in your user profile, your authentication profile, and your identity policy.

• Configuring Corporate IP Ranges. The Corporate IP Range function is used to define IP ranges for both internal and external networks and to define authentication requirements, such as the locations or IP ranges from which users can log in to the Delinea Platform.

• Configuring IWA. The Delinea Platform can accept an Integrated Windows Authentication (IWA) connection as sufficient authentication for users with Active Directory accounts to log in to the platform.

• Configuring OTP Client Authentication. Organizations can enhance security by implementing OATH OTP-based authentication alongside standard password-based login for local Delinea Platform accounts.

• Configuring Duo Authentication. A detailed guide for setting up Cisco Duo authentication on the Delinea Platform.

• Configuring RADIUS Authentication. You can use your RADIUS server to authenticate users to the Delinea Platform.

• Configuring Mobile Authentication. Admins can use the Delinea Mobile app as an MFA mechanism for logging into the Delinea Platform.

•