MFA Requirements

In addition to requiring user’s to authenticate with a MFA provider like Duo, Google or MS Authenticator or other TOTP providers, using Workflow Engine of PAM you can require a second MFA token before the same approved user can Connect, Unlock, Edit or Execute Tasks with Records.

 

To enable MFA enforcement with a Workflow Binding, create a new Workflow Binding or edit an existing one, locate the MFA parameter and select between the available choices:

  • Disabled: Select this option to not require MFA before the user may perform their approved action.
  • Required: Select this option to require MFA before the user may perform their approved action.

Save your binding when you are finished.

When the approved user then attempts to perform this approved action, they will be presented with a MFA Token prompt like shown below. They must authenticate with their MFA provider in order to proceed.

 

Workflow-TOTP-MFA-Token-Prompt

 

Workflow-Duo-MFA-Token-Prompt

< Back to Request and Approval Workflows