Multi-factor authentication

Most Helix Core servers are behind a secure firewall and require user passwords.

MFA in general

Multi-factor authentication (MFA) adds an additional layer of security in case a user password is compromised. MFA is a method of confirming a user's claimed identity. A user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism, such as:

  • knowledge (something they and only they know)
  • possession (something they and only they have)
  • inherence (something they and only they are)

MFA with Helix Authentication Service

If you are using the Helix Authentication Service (HAS) and you want multi-factor authentication, it is strongly recommended that you use the MFA solution that your IdP provides. This means you should not install the separate Helix MFA app. The only use case for installing the Helix MFA app with the Helix Authentication Service is if you want to use an MFA service that is separate from your IdP. For information about HAS, see the Helix Authentication Service Administrator Guide.

Helix MFA app

The Helix MFA app:

  • should only be used when your password store and your MFA service are separated. A common example would be using LDAP as your password store with Okta as your MFA service.

  • supports the most common factors:
    • One Time Password (OTP) codes
    • Third-party or external prompts, such as a mobile app authentication or a phone call

For an example of how the Helix Core server can support MFA in conjunction with a cloud-based identity provider, see: