Configure Silent MFA for an Integration
This is a beta feature, this feature will receive multiple updates and improvements in the coming weeks.
Note: This guide assumes that you have an account set up with XFA for your organization and you're an admin for that organization on XFA. If you do not have an account, you can create one at https://dashboard.xfa.tech/signup.
Note: MFA can be added to any type of integration, except for an integration of type OAuth2.
To configure the smooth experience of a second factor that is bound to your device, you can use Silent MFA. Silent MFA is a feature that allows you to authenticate without any user interaction. This is done by using a device-bound second factor provided by XFA.
Enable Silent MFA
Go to the XFA Dashboard and navigate to Integration, click on New to create a new integration or Manage integration if you want to add MFA to an existing integration.
Enable the switch next to Enable XFA Multi-Factor Authentication, users will from now on be prompted to authenticate with Silent MFA when logging in using this specific integration.
User Experience
The user can add devices to their account upon first login on a device. The user can either choose Trust or Don't trust. In both cases the user will have to confirm the device, but if the user chooses Trust, the user will not have to confirm the device again on consecutive logins.
First Device
When the user logs in for the first time on a device, the user will be prompted to trust the device. The user will receive an email to confirm the action, clicking the button in the email and returning to the login page will successfully authenticate the user.
Consecutive Devices
When the user logs in to a new device, after already having trusted a device, the user will be prompted to confirm the device. The user will need to open the XFA App or XFA extension on the device that was already enrolled, clicking the Allow button in the pop-up will successfully authenticate the user on the original login page.
Managing Users and Devices
As an admin, you can manage trusted MFA devices for users in the XFA Dashboard. Navigate to Users and click on the circular arrows next to the user to reset all their MFA devices, on next login, the user will have the same experience as if it was a first device they were enrolling.
To remove only one device for a user, navigate to Devices and click the Reset 2FA button next to the device you want to remove as a second factor.