Infinipoint Multi Factor

Overview

As part of our DIaaS offering, Infinipoint lets admins add a multi-factor security layer in addition to our best-in-class device factor.

There are three types of authentication methods:

  • Asking for something you know (knowledge), such as a password or PIN

  • Asking for something you have (possession), such as a smartphone

  • Asking for something which is part of you (inherent), such as a fingerprint or voice recognition

Multi-Factor Authentication (MFA) is an authentication process that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, etc. It is a recommended core component of strong identity and access management, as it provides a high level of security to the organization.

MFA best practice requires at least one additional factor type on top of the “Something you know” factor (commonly a user password or PIN), since it is the easiest challenge for attackers to beat. With Infinipoint MFA, users are required to authenticate using an additional “Something you have” or “Something inherent” factor, such as a TOTP, a push notification on a mobile device, a FIDO device, or a compliant fingerprint reader on their laptop.

Infinipoint supports 3 types of MFA factors:

  1. Push Notification Authentication – Authenticating users with the Infinipoint mobile application, available on Google Play for Android and Apple’s App Store for iOS. Users receive a push notification on their mobile device and must approve the authentication request. Infinipoint uses encryption based on FIDO U2F as a challenge and response for each MFA transaction, with a unique private key generated for each device enrollment.

  2. Time-based One-Time Password (TOTP) – A temporary passcode generated by an algorithm that uses the current time, provided by a 2FA application such as Google Authenticator.

  3. Security Key or Biometric Authenticator – Authenticating users using web authentication (WebAuthn), which is incorporated into web browsers. Users are able to authenticate using a FIDO device such as a Yubico security key or a laptop’s fingerprint reader, for quick and secure access.

Procedure for enabling MFA

Enabling this feature will require users to enroll and authenticate with an additional factor at the first login to DIaaS.

  1. In the Infinipoint console, select Device Identity > Configuration, choose the Multi Factor tab and click the Edit button at the bottom of the screen.

  2. For each factor type that you wish to use, set the Active toggle to on and choose the enrollment status.
    Users will be required to enroll in all factors that have the “Required” option selected in their “Enrollment Status” drop-down list.
    After completing enrollment for the required factors, users will be able to enroll in any additional active optional factors.

  3. Click Save.

Example screenshots for the user enrollment process:

 

Authentication Flow

Users will be challenged to authenticate according to the MFA and enrollment configuration.
They will be able to choose any active second factor in which they have enrolled.

Example screenshots for user authentication: