With MFA, users must answer an additional layer of security to verify the identity of the person who wants to sign on. Nowadays, passwords are insuficient and another factor of authentication is suitable option to give access to the right people at the right moment.

Mario Moreno

IAM Engineer

July 19th, 2021

When we talk about MFA, we refer to an added layer of security that its main purpose is to verify an user’s identity when there are signing into an application. Along this solution, the cloud must be protected keeping the right people in and the wrong people out. MFA looks to secure your employees, partners, contractors and customers. 

By using MFA, you will be able to create access policies that assess risk factors: device used to log in, location of the user who wants to log in, his/her IP and other contexts. Best of all is that you will deliver a great experience for the user. With the adaptive access policies, you will reduce friction for users, getting rid of passwords and user will be capable of enroll and reset MFA factor on their account. 

MFA factors that can be applied on your business to protect your workforce and customers:


Okta detect threats from suspicious IP addresses form credential based-attacks. Uses attack data from across the network to identify and block attempts that are uncommon or from doubtful origin.

Passwordless authentication

This factor will allow you to reduce or eliminate a majority of password-based attacks, such as phishing and credential stuffing. They could be applicable for workforce but also for customer identity; the main options are Factor Sequencing, Paswordless with Device Trust and Desktop Single Sign-On.

Biometric authentication

Okta supports biometrics authentication delivering support via Windows Hello, Touch ID, Face Id and more. Okta is also able to integrate 3rd party technologies that support SAML and OIDC integrations.

Okta verify (our favorite)

It is an MFA factor and authenticator app used to confirm user’s identity when signing into their Okta account. Users cand verify their identity by approving a push notification or with a one-time code.

Context-based authentication

With this feature you have the means for combining a wide range of contextual data signals to assess risk. Also, you are going to be capable of reducing the frequency of MFA prompts. An example of this combination would be not requiring MFA if it is a managed or a known device or prompt stronger factors for new devices.

Risk-based authentication

Okta assigns a risk level to every sign in by using contextual information about the sign in, such as the IP, device, behavior or location, so Okta will evaluate the risk, determine if it is allowed, after how long the session will expire and how often a factor will be required. The risk engine is comprised of two parts: Heuristics and AI engine. Heuristics define policies to address any risk scenarios while AI engine feed context into Okta’s machine learning models to identify risks. 

Other products that could complement adaptive MFA are single sign on, access gateway, universal directory and authentication. In our next blogs, we are going to talk about more about these complements.  

If you want to know more about MFA, you can visit the following pages:




[1] Security features, Okta Inc., 2021

[2] Adaptive Multi-Factor authentication, Okta Inc., 2021

[3] Adaptive MFA, Okta Inc., 24 February 2016

[4] What is Adaptive Multi-factor Authentication (MFA)?, Andy Zindel, 7 December 2017