The following is a snapshot of the MFA Cohortium wiki space before its move to a different platform in 2014.  Unfortunately, the newer content on that later platform has been lost, so this site serves as the only, if incomplete, record of the MFA Cohortium's work.

The MFA Cohortium

The MFA Cohortium is advancing the use of MFA in higher education. Cohortium participants share their explorations, experiences, expertise, artifacts, and overall roadmap to learning about, planning for, and deploying multi-factor authentication for a variety of key use cases within each institution, as well as federated access to services. The Cohortium unites a committed group of campuses in a focused 15-month effort to help themselves and others to make real progress towards MFA deployments. It will enable your institution, and higher education more broadly, to answer the questions "where do we need MFA?", "how do we deploy it?", and "what will it cost and what is our ROI?". Focused on the research and education (R&E) community, the Cohortium deals with issues and use cases of particular concern within R&E such as integrating MFA into WebSSO, sensitive data, cloud services, distance learners, bring-your-own-device, and the return on investment (ROI) within the R&E environment.

[This is a collaboration space for the members of the MFA Cohortium.  While much of the material here is readable for the public, it should be considered a work in progress, subject to change without notice, unless explicitly designated otherwise.] 

NOTE WELL: All Internet2 Activities are governed by the Internet2 Intellectual Property Framework.

(Draft) MFA Roadmap

Cohortium "products": White papers, documents and diagrams published by the Multi-factor Authentication (MFA) "Cohortium"

The following list represents the white papers, documents and diagrams that the MFA Cohortium has officially "published" to date, i.e., the Cohortium has deemed these ready for wider distribution, comment, etc. These artifacts may continue to change as we learn more and draw from wider experiences, but they have achieved sufficient feedback and consensus to be considered useful and ready for a wider audience.

  • How Much Security Is Enough?: How much security should be built into an authentication system to mitigate the risk of incorrectly identifying the subject of an authentication event, thereby enabling an attacker to impersonate an authorized user? The answer, of course, depends on the risk tolerance of the services protected by the authentication system.
  • Enterprise Deployment Strategies for Multi-Factor Authentication: The introduction of multi-factor authentication (MFA) into an institution must address multiple issues, many of which affect the deployment strategy. Among these are: business drivers, management of institutional risk, acceptance by the user community, usability and accessibility, etc. This paper discusses a few possible deployment strategies and how they address these issues.
  • Multi-Factor Authentication Solution Evaluation Criteria: This document outlines criteria that should be considered when evaluating multi-factor authentication products and services. It can also serve as "raw material" for RFPs, technical requirements, and other more formal specifications.
  • Alternative Strategies When Multi-Factor Tokens Are Not Available: A requirement for multi-factor authentication, however, also carries the risk of preventing completely valid transactions when people do not have access to their second-factor tokens. The impact of this risk may be small or large, but the risk to business continuity should always be considered when deploying multi-factor authentication. This document presents potential strategies for mitigating this risk.

MFA Business Drivers, Deployment Decision Tree and Integration Patterns

Currently the Business Drivers & Deployment Decision Tree diagrams linked to on that page are in a "Last call for comments" status.

Information about the Cohortium

Collection of Multi-factor Authentication Reference Materials

Cohortium Meetings

Cohortium Subgroups

Information from Cohortium Members

Key related software activities

These software activities will provide significant enhancements to the ease of incorporating MFA into federated authentication and SSO environments, or in managing aspects of an MFA deployment within a campus.

  • CAS and MFA – the Scalable Privacy project and the University of Utah are planning to support the creation of functionality for CAS similar to that described in the above Shib RFP.
  • InCert - "Open source solution to one of the primary obstacles to large-scale implementation of client certificates: installation and lifecycle management of the certificates on the client device(s). Moreover, InCert is architected to be a full-service end user device network on-boarding tool with the ability to perform functions such as setting device security policies, performing network registration functions, configuring wireless and VPN profiles, and a wealth of other campus-configured services."

Presentations related to MFA and the Cohortium

Information Related to Multi-Factor Authentication


What is the MFA Cohortium?

cohortium: "Group of institutions sharing their explorations, experiences, expertise, artifacts, and overall journey", in this case of planning for and deploying multi-factor authentication.

  • Cohort: In statistics and demography, a cohort is a group of subjects who have shared a particular event together during a particular time span [cohort (statistics) from Wikipedia].
  • -tium added to noun base to create abstract noun, "something connected with the act", could mean "act, condition, office of...".

Cohortium Membership

Even though Cohortium activities are well underway, we are still accepting applications to participate. Please use the web form in Application Form for joining the MFA Cohortium.

