Multi-factor authentication

Most Helix Core servers are behind a secure firewall and require user passwords.

MFA in general

Multi-factor authentication (MFA) adds an additional layer of security in case a user password is compromised. MFAis a method of confirming a user's claimed identity. A user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism, such as:

  • knowledge (something they and only they know)
  • possession (something they and only they have)
  • inheritance (something they and only they are)

MFA with Helix Authentication Service

If you are using the Helix Authentication Service (HAS) and you want multi-factor authentication, it is strongly recommended that you use the MFA solution that your IdP provides. For information about HAS, see Helix Authentication Service Administrator Guide.

The only use case for installing the Helix MFA app with the Helix Authentication Service is to use a MFA service that is separate from your IdP.


Not all products interfacing with the Helix Authentication Service support MFA triggers. Check the relevant product guides to see if and how they support MFA triggers.

Helix MFA app

Helix MFA app:

  • should only be used when your password store and your MFA service are separated. A common example would be using LDAP as your password store with Okta as your MFA service.

  • supports the most common factors:
    • One Time Password (OTP) codes
    • Third party or external prompts, such as a mobile app authentication or a phone call

For an example of how the Helix Core server can support MFA in conjunction with a cloud-based identity provider, see: