RECIPES › AUTHENTICATION BROKER > MULTIPLE MFA SELECTOR
Multiple MFA Selector
Replacing legacy RSA SecurID with YubiKey passwordless authentication. Use this recipe to:
Replace outdated VPN-centric MFA tokens and adopt modern FIDO2 authentication without custom code
Enroll users in YubiKey protection without any interruption to existing access workflows
Enable modern authentication protection for any on-prem or cloud app
Recipe summary: Multiple MFA Selector
This recipe demonstrates how to replace your legacy RSA SecurID MFA on critical business apps without any interruption to your users’ access experience or needing to rewrite any code. The traditional method for cutting over from a legacy 2FA solution to modern authentication like YubiKey required permanent rewrites for each protected app, and resulted in an “all or none” first-time access experience. The Maverics Identity Orchestration Platform allows you to phase the deployment of your new YubiKey FIDO2 passwordless security investment for specific groups of users at a time, running both YubiKey and SecurID concurrently until testing is complete and you can retire your RSA solution. Best of all, Maverics minimizes the disruption in the existing authentication workflow that your users have come to expect over the years and no permanent code changes are needed for your protected applications to make the switch.
Recipe instructions: Multiple MFA Selector
Recipe sequence diagram: Multiple MFA Selector
Recipe YAML config settings: Multiple MFA Selector
Maverics Identity Orchestration works with a simple YAML config* (as shown in the figure to the right). No app rewrites or custom code is required. Download this recipe’s full config file below.
*Config may vary based on your environment.