MFA identifies the user through more than one category of authentication. A common definition of categories of authentication describes them as:
- a knowledge factor (something you know)
- a possession factor (something you have)
- an inherence factor (something you are)
To implement MFA, you can simply configure an authentication journey with at least one authentication node from two of these three categories.
ForgeRock's wide range of built-in authentication nodes include username, password, one-time passcode (OTP) via email or SMS, LDAP, OAuth 2.0, push notification, WebAuthn (FIDO2 support), and social identity provider. For OTP and push notifications, ForgeRock provides a native authentication app for iOS and Android devices.
In addition to the built-in authentication nodes, ForgeRock hosts many more authentication methods for MFA on the ForgeRock Marketplace. These include nodes provided by our Trust Network Technology Partners and the ForgeRock community.
Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) which aims to add extra layers of security by ensuring that electronic payments are performed with MFA.
ForgeRock user journeys address the balance between the need for administration of more secure, risk-aware authentication scenarios, while still maintaining a friction-free login experience for users.
The ForgeRock solution includes authentication nodes covering a wide range of factors (including user inputs, contextual, user profile, and external data feeds), together with decision and choice nodes, strong factors (such as one-time passcodes, or push notification), and more. For many organizations, push notification authentication provides an excellent balance of strong authentication and simple user experience, but many other factors are available.