Multi-Factor Authentication
LIDS Application Server does not implement multi-factor authentication natively. MFA support is delegated to third-party Identity Management systems integrated via the IdM authentication flow. When the connected IdM provider enforces MFA, the LIDS integration layer and all client applications handle the resulting authentication challenges transparently — no additional configuration is required on the LIDS side.
Overview
| Topic | Note |
|---|---|
| MFA ownership | MFA is implemented and managed by the external IdM, not by LIDS Application Server. |
| Integration point | LIDS connects to the external IdM through the auth server (SAS). |
| LIDS behavior | After successful authentication, LIDS continues with its standard authorization and application access rules. |
How MFA is provided
When a partner requires MFA, the authentication process must be configured on the external IdM side. The auth server handles the authentication exchange with that IdM and returns the authenticated user back to LIDS.
From the LIDS perspective, MFA is therefore available only indirectly:
- The user is redirected to the auth server.
- The auth server delegates authentication to the external IdM.
- The external IdM performs MFA according to the partner's policy.
- After successful sign-in, the user returns to LIDS through the auth server integration.
Partner guidance
- Use an external IdM if MFA is required.
- Connect that IdM to LIDS through the auth server (SAS).
- Configure MFA rules, factors, and user policies on the IdM side.
- Do not expect LIDS Application Server itself to provide MFA configuration or MFA policy management.
Scope note
This page is only a quick integration note for partners. Detailed implementation and IdM-specific setup are outside the scope of this guide.