Multi-Factor Authentication

The Delinea Platform provides cloud-based, flexible multi-factor authentication (MFA) as powerful as many retail MFA products and services. It is strongly recommended that all administrators and business users on the platform be required to use multi-factor authentication (MFA) to log in.

About MFA

Platform MFA has two components: Authentication Profiles and Identity Policies.

  • An identity MFA profile determines which MFA challenges are presented to a user (see Authentication Profiles).

  • An identity policy determines whether and when a user is presented with the challenges in their assigned MFA profile (see Identity Polices).

For more information about MFA on the Delinea Platform, see the following sections:

  • Identity Policies. Enabling MFA on the platform requires setting up identity policies and assigning them to users. An identity policy determines whether and when a user is presented with the challenges specified in the associated MFA profile.

  • Authentication Profiles. Enabling MFA on the platform requires setting up authentication profiles. An authentication profile specifies the authentication challenges required to log in to the platform, and the length of time that must elapse before a user is re-prompted for authentication.

  • MFA Providers. Configuring MFA providers provides an additional layer of security to ensure proper authentication for users accessing the Delinea Platform.

  • MFA for Secrets. Multi-factor authentication (MFA) for secrets gives platform administrators the option to add one or more security requirements to access defined secrets.

  • RADIUS Configuration. You can use your RADIUS server to authenticate users to the Delinea Platform.

  • Integrated Windows Authentication. The Delinea Platform can accept an Integrated Windows Authentication (IWA) connection as sufficient authentication for users with Active Directory accounts to log in to the platform.

  • Corporate IP Range. The Corporate IP Range function is used to define IP ranges for both internal and external networks and to define authentication requirements, such as the locations or IP ranges from which users can log in to the Delinea Platform.

  • Login Flow for the Delinea Platform Portal (MFA). The Delinea Mobile app can be used as an MFA mechanism for logging in to the Delinea Platform. Also see Delinea Mobile Log in Process.