This FAQ supports the use of the REFEDS Multifactor Authentication Profile in SAML. This documentation is intended to be non-normative supporting information. If you have any questions about the use of the REFEDS MFA Profile, please direct them to the REFEDS mailing list (refeds@lists.refeds.org).
Introducing the REFEDS MFA Profile
Learn the basics of the REFEDS MFA Profile, what it is, and how to use it.
Section | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Guidance for Identity Provider Operators
Explores tips for IdP Operator when supporting the REFEDS MFA Profile.
Section | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Guidance for Service Provider Operators
Discover how to use the REFEDS MFA Profile to request MFA, and how to handle responses from an Identity Provider.
Section | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Dealing with Institution MFA Policies
Does your institution's policies for handling MFA behavior conflict with external federated access requirements? Find out how to work through them.
Section | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Product specific questions
Get help with implementing REFEDS MFA Profile with popular IAM products.
Section | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Relationships to Other Standards
Uncover how Refeds MFA Profile relates to, supports, and is supported by other REFEDS and industry standards.
Section | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
How to use this FAQ
The REFEDS Multi-factor Authentication (MFA) Profile offers a succinct way for a service provider (SP) to request MFA and for an Identity Provider (IdP) to respond in a SAML authentication transaction.
This guide explains the relationship between SAML and the REFEDS MFA Profile, provides implementation best practices, and clarifies ambiguities in the REFEDS MFA Profile. Use this guide as a complement to the formal specification documents to help you make the right choices when implementing the REFEDS MFA Profile.
As more questions arise, we will add to this guide. Come back and visit regularly to get the latest information.
Terms/Abbreviations used in this FAQ
This FAQ references several acronyms and shortened terms. The following table provides keys to those abbreviations.
Term | Definition |
MFA | Multi-Factor Authentication |
REFEDS | The Research and Education FEDerations group (more info: https://refeds.org) |
Profile | REFEDS Multi-factor Authentication Profile; REFEDS MFA Profile |
SAML | Security Assertion Markup Language |
SP | A SAML Service Provider |
IdP | A SAML Identity Provider |
SSO | Single Sign-On |