Multifactor Authentication Service
The InCommon Multifactor Authentication (MFA) Service is used by InCommon Site Administrators (and other privileged users) to log into the Federation Manager with two or more factors.
The MFA Service performs distributed multifactor authentication. A user first logs in at their home IdP with a username/password and then logs in again at the MFA Service with a mobile device. The home organization is responsible for managing the password token while InCommon Operations manages the mobile token.
The InCommon MFA Service has been in production since March 26, 2014. The first users to take advantage of the service were the InCommon RAs. InCommon Site Administrators will begin transitioning to the MFA Service during Q3 2014. Eventually InCommon RAOs will use the MFA Service to log into the Certificate Manager with two or more factors.