Multi-factor Authentication
API Portal provides multi-factor authentication (MFA) that requires the use of two or more authentication factors to verify a user's identity for a login. Authentication factors can be classified into knowledge factors (what the user knows, for example, password), possession factors (what the user has, for example, security token) and inherence factors (what the user is, for example, biometric verification). The authentication mechanism validates each factor thus adding another layer of security during a user log on.
API Portal uses a combination of username, password, and a one-time password (OTP) as authentication factors to verify the user's identity. The user receives the OTP in one of the following ways:
Through an email: a user can request a new OTP which is sent to the user through email.
As a secret token in an email: a user can use the secret token and generate an OTP using an external client, such as Google Authenticator.
For details on how to enable MFA in
API Portal, see
Enabling Multi-factor Authentication.
Any user when on-boarded onto API Portal receives a secret token through an email, when MFA is enabled. The user can use this secret token to generate an OTP, using an external client like Google Authenticator, which in turn is used to log onto API Portal.