Child pages
  • Multifactor Login Service

The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.

Skip to end of metadata
Go to start of metadata


Note that this page has been deprecated; the information it contains is no longer current. It has been retained for historical purposes only.

Multifactor Login Service

The InCommon Multifactor Authentication (MFA) Service (also called the InCommon Multifactor Login Service) is used to log into the InCommon Federation Manager or the InCommon Certificate Manager with two or more factors.


  • Distributed Multifactor Authentication

  • Step-Up Authentication (planned)

  • Automated User Enrollment and Device Management (in progress)

  • Embedded Discovery Service

  • Integrated Google Gateway Service

  • Embedded Login and Account Creation Service (planned)

  • Embedded Error Handling Service (planned)

The MFA Service performs distributed multifactor authentication. A user first logs in at their home IdP with a username/password and then logs in again at the MFA Service with a mobile device. The home organization is responsible for managing the password token while InCommon Operations manages the mobile token.

The InCommon Multifactor Login Service has been in production since March 26, 2014. The first users to take advantage of the service were the InCommon RAs. Other users will begin transitioning to the Multifactor Login Service during Q2 2015. Eventually InCommon RAOs will use the Multifactor Login Service to log into the Certificate Manager with two or more factors.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels