...
- Service Provider (SP) initiated MFA (flow: SP → MFA → IdP)
Gliffy Diagram name MFA_Use_case_1 pagePin 1 - Identity Provider (IdP) initiated MFA (flow: SP → IdP → MFA)
Gliffy Diagram name MFA_Use_case_2 pagePin 1
In the SP initiated use scenario a service provider directs all authentication requests to the MFA service with a keyword requesting a certain authentication level in it's authentication request. The MFA service first redirects the users to their home organization IdP for an ordinary (password) authentication. After that the MFA service performs an authentication using the second factor.
...