Okta, Inc.
SECURITY GUIDANCE FOR CREATION OF MULTI FACTOR AUTHENTICATION POLICY

Abstract:

An identity provider ("IdP") system maintains a framework of authentication methods and security targets that enables flexible authentication policy authoring and analysis of authentication performed by users of an organization. The IdP system generates authentication method profiles that include authentication factors and attributes, which may be further classified as required or optional. The IdP system also generates security target profiles that indicate security requirements needed to satisfy the corresponding security targets. The IdP system uses the generated profiles to determine relationships between authentication methods and security targets (e.g., a list of authentication methods that satisfy a given security target). Using these relationships, the IdP system may enable users to author policies and analyze how users' authentication behaviors comply with security targets.