AKKU

Adaptive MFA

Overview

The Adaptive MFA (Multi-Factor Authentication) module in Akku helps strengthen login security by adapting the authentication requirements based on risk levels.

Navigation Path

Dashboard > Adaptive MFA

Primary and Secondary Settings

1. Primary Settings

You will see the following fields in this section:

| MFA Method | Description & Configuration |
| --- | --- |
| Enable AMFA | Enable to activate Adaptive MFA globally |
| Email OTP | Enable to send a one-time passcode to the user's registered email ID |
| SMS OTP | Enable to send a one-time passcode to the user's registered mobile number via SMS |
| Push Notification | Enable to send an approve/deny notification to the user's device |
| Face/Touch ID | Enable to use biometric authentication (face recognition/fingerprint), if enabled on the user's device |
| Authenticator | Enable to allow users to authenticate using Time-based OTP apps like Google Authenticator, Microsoft Authenticator, etc. |

Note: You can enable one or more options from the factors above.

2. Secondary Settings

The options in this section can be turned ON only after the Enable AMFA toggle is switched ON.

The same authentication factors as the Primary Settings section are also available in the Secondary Settings section.

However, only one factor can be enabled in the Secondary Settings section.

| MFA Setting | Configuration |
| --- | --- |
| Enable AMFA | Enable to activate a secondary authentication factor to be used for step-up authentication as part of Akku’s Adaptive MFA capability |
| Email OTP, SMS OTP, Push Notification, Face/Touch ID, Authenticator | Enable any one authentication method for step-up authentication |

After selecting your primary and secondary authentication options, click on Update at the bottom to save the configuration.

Risk Score Configuration

Akku’s Adaptive MFA system employs a dynamic risk scoring engine to intelligently determine the appropriate level of security for each access attempt. By configuring risk score thresholds, Akku can implement a tiered response mechanism that balances security and user convenience.

Click on the Risk Score Configuration tab on the Adaptive MFA screen to configure the risk score settings.

  • Full Access (Risk Score 0-20): When the calculated risk score is low (0-20), indicating a trusted session and minimal indicators of suspicious activity, users are granted seamless access without the need for additional authentication factors. This ensures a frictionless experience for low-risk scenarios.

  • Trigger MFA (Risk Score 20-40): As the risk score elevates to the 20-40 range, suggesting a slightly higher level of potential risk, you can enable the Trigger MFA option to dynamically trigger Adaptive MFA. Users in this range will then be prompted for an additional verification factor to ensure the legitimacy of the access attempt, adding a layer of security without causing significant disruption.

  • Temporary Access (Risk Score 40-60): For medium-risk scenarios (scores between 40 and 60), access is granted with Adaptive MFA, but with a temporary duration. You can configure the available temporary access durations (e.g., 10, 30, 60 minutes) to suit your security policies. This approach allows access under potentially elevated risk conditions while limiting the exposure window.

  • Quarantine Applications (Risk Score 60-80): When the risk score reaches a high level (60-80), indicating a significant potential threat, access is granted with Adaptive MFA for a limited time, and specific applications are placed under quarantine. You can select the applications to be quarantined at this risk level (e.g., Jira). This restricts access to sensitive resources while still allowing necessary access to less critical applications.

  • Blocked (Risk Score 80-100): For critical risk scores (80-100), where the likelihood of a malicious or unauthorized access attempt is deemed very high, access is immediately blocked. This prevents potential security breaches and safeguards sensitive data.

| Risk Score Range | Access Action | Description |
| --- | --- | --- |
| 0-20 | Full Access | No risk, access granted without additional authentication |
| 20-40 | Trigger MFA | Low risk, access granted with Adaptive MFA |
| 40-60 | Temporary Access | Medium risk, access granted with Adaptive MFA for a limited time period |
| 60-80 | Quarantine Applications | High risk, access granted with Adaptive MFA for limited time and quarantine apps |
| 80-100 | Blocked | Critical risk, block access |

After defining risk score actions, click on Save.
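
The tiered response described above, modelled as an added example (not Akku's own code or API): it checks the factor rules from the Primary and Secondary Settings sections and maps a risk score to the action in the table. The class, field and factor key names are hypothetical, and two behaviours are assumptions the page does not specify: a score on a shared boundary (20, 40, 60, 80) takes the stricter tier, and access is denied when step-up is required but no secondary factor is configured.

```python
from dataclasses import dataclass, field

FACTORS = {"email_otp", "sms_otp", "push", "face_touch_id", "authenticator"}  # hypothetical keys
# (lower bound, action) from the page's risk score table; the top of the scale is 100.
TIERS = [(0, "full_access"), (20, "trigger_mfa"), (40, "temporary_access"),
         (60, "quarantine_applications"), (80, "blocked")]

@dataclass
class Policy:                                   # hypothetical model of the admin settings
    amfa_enabled: bool
    primary: set                                # one or more factors
    secondary: set                              # step-up factor, at most one
    temp_minutes: int = 30                      # e.g. 10, 30 or 60 on the page
    quarantined_apps: set = field(default_factory=set)

def validate(p):
    """Return violations of the rules stated on the page (empty list = valid)."""
    errors = []
    if (p.primary | p.secondary) - FACTORS:
        errors.append("unknown factor")
    if not p.amfa_enabled and (p.primary or p.secondary):
        errors.append("factors need Enable AMFA switched ON")
    if len(p.secondary) > 1:
        errors.append("only one secondary factor may be enabled")
    return errors

def decide(p, score, app):
    """Map a risk score (0-100) to the tiered response for one application."""
    if not 0 <= score <= 100:
        raise ValueError("risk score must be within 0-100")
    # Assumption: a score on a shared boundary (e.g. 20) takes the stricter tier.
    action = [name for low, name in TIERS if score >= low][-1]
    needs_mfa = action not in ("full_access", "blocked")
    step_up = next(iter(p.secondary), None) if needs_mfa else None
    allowed = action != "blocked"
    if needs_mfa and step_up is None:
        allowed = False                         # assumption: fail closed without a step-up factor
    if action == "quarantine_applications" and app in p.quarantined_apps:
        allowed = False                         # quarantined app is unreachable at this tier
    timed = action in ("temporary_access", "quarantine_applications")
    return {"action": action, "allowed": allowed, "step_up": step_up,
            "session_minutes": p.temp_minutes if timed else None}

if __name__ == "__main__":
    policy = Policy(True, {"email_otp", "authenticator"}, {"push"}, 30, {"Jira"})  # constructed
    print(validate(policy))
    for s, app in [(20, "Wiki"), (55, "Wiki"), (70, "Jira"), (70, "Wiki"), (95, "Wiki")]:
        print(s, app, decide(policy, s, app))
```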
