Multi factor authentication

  • Resolved yaseico

    (@yaseico)


    1 year, 11 months ago

    Hi, I haven’t used the plug-in yet but was trying to find some information and documentation describing how multi factor authentication is handled by the plug-in.

    For example, my site would normally require MFA for users. Is there a way to enforce use of MFA for a social login like Microsoft.

    Some Microsoft accounts would have MFA configured within Microsoft and others not. I would like to ensure all users apply MFA in order to access my site.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Laszlo

    (@laszloszalvak)

    Hi @yaseico

    Nextend Social Login doesn’t have a 2 Factor / Multi factor authentication feature. That is something that is done by rather the provider.

    So e.g. a person can enable 2 Factor Authentication in the Facebook account:

    When it is enabled something like this would happen:

    • The person presses the Facebook button on your website.
    • Nextend Social Login redirects the user to the Facebook authorization endpoint.
    • If the person is not logged to a Facebook account already in the browser, then Facebook will display then authentication screen.
    • There the person should enter the Facebook login credentials and login
    • Before the user gets logged in to the Facebook account, Facebook will request the user to complete the 2 factor authentication.
    • Once the 2 factor authentication is completed, Facebook will display the consent screen – https://developers.facebook.com/docs/facebook-login/guides/permissions – if the person hasn’t authorized your App already ( or the consent has expired ).
    • Once it is done, Facebook will redirect back to your site, we will continue to OAuth communication to get the user data, and we will register a new account or log the user in to an existing account.

    So as you can see this 2 factor authentication is not managed by the plugin, but by the official provider. If the person doesn’t have 2 Factor authentication enabled in the social media account then you can not force that, I am sorry.

    Best regards,
    Laszlo.

    Thread Starter yaseico

    (@yaseico)

    Hi @laszloszalvak

    Thanks for the clarification and detailed explanation. What you explained makes sense to me.

    I appreciate your quick reply.

    Thanks

    Tim

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Multi factor authentication’ is closed to new replies.

Tags