← BACK TO RECIPES

How to enable a multiple MFA selector

Replace legacy RSA SecurID with YubiKey passwordless authentication.

  • Replace outdated VPN-centric MFA tokens and adopt modern FIDO2 authentication without custom code
  • Enroll users in YubiKey protection without any interruption to existing access workflows
  • Enable modern authentication protection for any on-prem or cloud app
Ingredients
Maverics
YubiKey
Target App
MFA

Leave a real legacy by modernizing authentication architecture

The recipe diagram

A simple user journey that simply works.

The sequence diagram

How everything comes together to authenticate.

What the user sees

  • Your user will navigate to the existing protected app through their standard access workflow.

  • The user will then either sign in with their app-level credentials or your SSO provider will be leveraged to ensure that the user has the appropriate active group membership for accessing the application.

  • The RSA SecurID step-up authentication process will be followed one last time, asking the user to enter their RSA Keychain Code.

  • A new one-time registration screen will be displayed informing the user they are being registered for YubiKey authentication, and ask for the appropriate user information.

  • Your user will be instructed to enter their known YubiKey PIN and touch the inserted YubiKey dongle to complete the registration.

  • The user will then have access to the protected application as expected.

  • All future user access to this particular app will then bypass the SecurID workflow and follow the new YubiKey authentication steps instead.

What the admin does

  • This recipe demonstrates how to replace your legacy RSA SecurID MFA on critical business apps without any interruption to your users’ access experience or needing to rewrite any code.
  • The traditional method for cutting over from a legacy 2FA solution to modern authentication like YubiKey required permanent rewrites for each protected app, and resulted in an “all or none” first-time access experience.
  • The Maverics Identity Orchestration Platform allows you to phase the deployment of your new YubiKey FIDO2 passwordless security investment for specific groups of users at a time, running both YubiKey and SecurID concurrently until testing is complete and you can retire your RSA solution.
  • Best of all, Maverics minimizes the disruption in the existing authentication workflow that your users have come to expect over the years and no permanent code changes are needed for your protected applications to make the switch.

Most users will never know you changed anything

Get your YAML config settings and deploy

Maverics Identity Orchestration works as a simple YAML config: just fill in the blanks and go. There’s no custom code, no rewrites and no long engagements. You may need to make light config adjustments based on your environment, but that’s it. 

Ready to leave this particular legacy in the past? Grab this recipe and modernize.

Download Recipe

Solve more modernization challenges with ready-to-deploy recipes

How to add 1Kosmos passwordless step-up authentication and user registration

Quickly protect any resource with Passwordless MFA (PMFA) and register new users without disruption to the access workflow.

Step-up
1Kosmos
PMFA
Azure AD
Maverics
Passwordless
How to move from OAM to Azure AD

Oracle Access Manager is challenging to maintain and provides limited app protection possibilities. Use this recipe to replace it with Azure AD without refactoring your apps.

OAM
Azure AD
Maverics
Target App
Authentication
Modernization
How to move from OAM to Okta

Oracle Access Manager is challenging to maintain and provides limited app protection possibilities. Use this recipe to replace it with Okta without refactoring your apps.

OAM
Okta
Maverics
Target App
Authentication
Modernization
How to move from SiteMinder to Azure AD

SiteMinder’s end of service is coming. Use this recipe to replace it with Azure AD without refactoring.

CA SiteMinder
Azure AD
Maverics
Target App
Authentication
Modernization

View all recipes

Ready to modernize any app in 10 mins?

Let us prove to you how easy this can be and demo a complete app modernization experience in under 10 min.

Book a demo