...
Currently the Haka MFA service uses Time-based One-Time Password algorithm (TOTP) standard RFC 6238 as an authentication method. In practice, the user can for instance have a TOTP compliant app (such as, Google authenticator) in their smartphone. In addition an SMS-based authentication is used in user registration. When a user is directed to the MFA service their identifier released from the IdP is examined. If the user has an existing second factor configured, the MFA can be invoked directly. If there are no existing second factors associated to the identifier, the user is directed to register and configure their second factor. The second factor registration is carried out by sending an SMS to the user's registered cellphone number.
Getting started with Haka MFA
Haka MFA supports any SAML2 compatible service provider software and currently Shibboleth based identity provider. If you wish to integrate Haka MFA to your Haka service, please contact Haka servicedesk.