How can we help?

Searching:

0 results found
backBack

Logging In Using Multi-factor Authentication

Multi-factor Authentication (MFA) is a method of verifying a user’s identity, which requires that the user present more than one piece of identifying information. This method provides an additional layer of security, decreasing the likelihood of unauthorized access.

Axonize supports an optional MFA mechanism on its authentication gateway, which is currently implemented by the Axonize REST API. Axonize’s MFA mechanism is not enabled by default, and must be enabled by editing the enableMultiFactorAuthentication property on the relevant Application endpoint. When MFA is enabled for an Application, the Axonize system provides a second factor binding code using one of the supported Multifactor Authenticators (SMS or Email).

In order to log in to the Axonize Portal and the Axonize API, you should obtain the Axonize authentication token. If the MFA mechanism is enabled, the following flow applies. The objective of this flow is to obtain Axonize’s authentication –

  • The Axonize system provides a second factor binding code using one of the supported Multifactor Authenticators (SMS or Email). If the user has a mobile number that has been saved in the Axonize system, the user is sent an SMS that contains the binding code. Otherwise, the user is sent an email containing the binding code in the MFA login response.
  • After the user receives the binding code (either by SMS or email), the user can log in using an Auth/verifyMultifactorBindingCode If the parameters supplied in this request are valid, the user can use the provided authentication token to access Axonize REST API endpoints. In this case, a 200 OK status code is returned in the Auth/verifyMultifactorBindingCode response.

The following shows the login response when all login request parameters are OK and MFA is enabled –

[DataContract(Name = “mfaLoginResponse”)]

    public class MFALoginResponse

    {

        [DataMember(Name = “token”)]

        public string Token { get; set; }

 

        [DataMember(Name = “authenticatorCode”)]

        public string AuthenticatorCode { get; set; }

 

        [DataMember(Name = “authenticator”)]

        public string Authenticator { get; set; }

    }