Authentication Methods
SecTrail MFA offers over 13 different authentication methods, covering a wide range of use cases. Verification can combine any number of factors.
Available Authentication Methods
Primary Authentication
LDAP/Active Directory
Active Directory integration with corporate directory verification.
- Use Case: Corporate users, first-factor authentication
- Features: Group synchronization, attribute-based policies
- Advantages: Utilizes existing infrastructure, central management
Local User
User management using a local database.
- Use Case: Non-LDAP environments
- Features: User/group management, import/export
- Advantages: Independent operation, easy setup
Second Factor Authentication
SMS OTP
Sending a one-time password via SMS.
- Use Case: Universal, users with phone access
- Features: Multiple SMS providers, international support
- Advantages: Widespread usage, easy adoption
Email OTP
Sending an authentication code via email.
- Use Case: Alternative second factor
- Features: Custom mail servers, HTML templates
- Advantages: Internet access is sufficient, cost-effective
Push Notification
Instant approval via a mobile application.
- Use Case: User-friendly, quick approval
- Features: One-tap approval, biometric verification
- Advantages: High security, enhanced user experience
TOTP (Soft OTP)
Time-based token (SecTrail Authenticator compatible).
- Use Case: Standard, offline use
- Features: QR code enrollment, TOTP standard
- Advantages: Does not require internet, universal compatibility
Advanced Methods
WebAuthn
Hardware security keys and platform authenticators.
- Use Case: Highest security requirements
- Features: Windows Hello, Touch ID support
- Advantages: Phishing protection, hardware-based security
Approved OTP (Manager Approved)
Authentication via a hierarchical approval system.
- Use Case: Critical access, manager control
- Features: Multi-level approval, email notifications
- Advantages: Additional layer of control, auditability
QR Login
Passwordless login with a QR code.
- Use Case: Fast, mobile-first authentication
- Features: Dynamic QR codes, mobile app integration
- Advantages: Passwordless, user-friendly
Mail Auth
Click-to-authenticate via email.
- Use Case: Simple click-to-authenticate
- Features: Time-limited links, secure tokens
- Advantages: Easy to use, no extra software required
LDAP + OTP
Combination of LDAP password and OTP in one step.
- Use Case: Seamless two-factor security
- Features: Single prompt, unified verification
- Advantages: Improved user experience, one step
Custom HTTP
OTP delivery via configurable notification rules (SMS or email based on user attributes).
- Use Case: Flexible multi-channel OTP routing
- Features: Rule-based delivery, attribute-driven routing, fallback channels
- Advantages: No fixed channel — adapts to each user's available contact info
External Auth
Integration with external authentication systems via HTTP.
- Use Case: Using an organization's own authentication application as an MFA factor
- Features: GET/POST/Custom request modes, immediate response / polling / callback waiting modes
- Advantages: Integrates with any external system; user approves through the external channel
Configuration
Each authentication method requires the following steps:
- Method Setup: Configure the verification service/provider
- Profile Creation: Define how the method will be used
- Policy Assignment: Apply to applications/users
Multi-Factor Chains
SecTrail MFA allows you to combine multiple methods in authentication chains:
- LDAP → SMS OTP: Traditional 2FA
- LDAP → Push: Modern 2FA
- LDAP → TOTP → WebAuthn: Triple-factor authentication
- QR Login: Passwordless single step
For optimal security, use a combination of "something you know" (password) and "something you have" (phone, token).
Related Pages
- Configuration - Connect factor chains to applications
- Access Control - Additional security policies for authentication
- Users - Management of users and groups