SAML MFA
Multi-factor Authentication (MFA) for Security Assertion Markup Language (SAML) refers to a secure type of authentication that allows users to use multiple authentication factors in a Single Sign-On (SSO) infrastructure. This means that, on top of the SSO login, the user will have to provide a secondary authentication factor, which in this case is based on the SAML framework. Examples of this second factor could be Mobile Push or WebAuthn.
It’s worth mentioning that because SAML is not an authentication protocol, SAML MFA only adds an extra layer of security to the authentication process. There are some instances where re-authentication is required for applications with stronger security. In these cases, it’s possible to use SAML to break the SSO session and restart the authentication process.
MFA with SAML provides a much more secure way to manage the identity of users and mitigate the risk of identity theft or fraud. For enterprises, MFA can be activated in Active Directory for Enterprises or simply activated if there is a federal identity system in place.