Digital Product Design
Implementing Multi-Factor Authentication (MFA) across all self-service applications for a telecom provider, using Okta
software. This security measure will be mandatory for both non-federated and federated customers, the latter subject to their
Customer IDP settings. The policy applies universally to all existing and new customers. Furthermore, we are designing a
comprehensive enrollment process that allows users to set up their preferred security methods. Options include the Okta Authenticator
app, email, SMS, voice call, and other authenticator apps. Users will have the flexibility to add, remove, or manage multiple verification
methods directly from their profile. Additionally, administrative functionalities will include oversight of user-selected MFA methods, the
ability to modify these settings, and access to a detailed log of historical changes.
+journey mapping, user flows & wireframes, prototyping & interaction design, inclusive & accessible design, cross-platform consistency, business objective alignment, high-fidelity, visual design, user interface
Duration: 9 months
Exploration
In a creative, iterative journey, we explored various approaches to find an optimal, evolving design framework. This process focused
on flexibility, allowing the final design to adapt and expand while maintaining its core essence, even when modifying authentication methods.
Design solutions
During the initial configuration of MFA, users are presented with detailed guidance delineating the required number of authentication methods
to be established, alongside recommendation tags to suggest those of higher security. Throughout the method configuration process, users are provided
with step-by-step instructions designed to facilitate a seamless setup experience.
Upon the successful setup of an authentication method, a visual confirmation is conspicuously displayed, and the entry for the method that was just set up is
rendered inactive, to clearly signal the culmination of the process and ensure an intuitive, user-friendly experience.
Additionally, provisions are in place to offer resolutions in the event users encounter obstacles during setup, e.g. when users can’t scan the QR code.
User login & MFA Verification
Upon initial login following MFA setup, users will be authenticated with the most recently configured method. For subsequent logins, the system defaults to the last
authentication method used. Users may alter this preference at any time by choosing another established method.
User MFA Management
Users can conveniently manage their MFA settings by accessing their profile and navigating to Settings, where they'll find the MFA section. Here, they
can add or remove methods as desired, including the option to incorporate multiple factors for selected methods. All MFA modifications are documented in the Change History table for reference.
Admin MFA Management
Administrators possess the capability to view and remove MFA methods for users within the organization. However, they are unable to configure
these methods on behalf of users. This functionality empowers admins to assist users by resetting methods when needed.