Adaptive Multi-factor Authentication Methods

Authentication Methods

Security You Need. Flexibility Your Users Demand.

Centrify Application and Endpoint Services make it easy to implement multi-factor authentication for every user. Choose from a comprehensive range of authentication methods, including passwords, smart cards, soft tokens, or cryptographic devices. Get the protection you need without sacrificing the convenience your users demand.

Single Factor Cryptographic Devices

Centrify also enables FIDO U2F The FIDO U2F mechanism is an authentication standard developed by the FIDO Alliance that is designed to be open, secure, private and easy to use. Hailed as the next generation two-factor authentication, advantages of FIDO U2F include:

  • Heightened security - Public key cryptography protects against phishing, session hijacking, and malware attacks
  • Ease of use - No codes to re-type and no drivers to install
  • High privacy - no personal information is associated with a key
  • Scalable usage - unlimited number of accounts can be protected by one single device

With Centrify, enterprises have the option of using devices that comply with the FIDO U2F requirement as well as meet NIST 800-63b strongest Authentication Assurance Level 3 requirements when combined with the user’s password.

Smart Cards

Smart Cards are a highly secure alternative to usernames and passwords. CAC, CAC NG, PIV, and PIV-I and USB PKI (i.e. Yubikey) are all supported. Centrify also lets you use derived credentials for smartcard-based, compliant single sign-on to your mobile apps — without cumbersome readers. Leverage your existing credentials to use PIV/CAC card plus soft token for secure access to government data across endpoints.

Multi-factor Authentication VPN Methods, MFA VPN Authentication Methods

Soft Tokens

Simplify multi-factor authentication with the free Centrify mobile app. With just one-tap on their smartphone or smartwatch, users can approve an authentication request. Got users who don’t have push notifications?

No problem. They can use a one-time passcode (OTP) generated by the Centrify mobile app.


Need to generate OTP tokens for third party websites that require multi-factor authentication? The Centrify mobile app generates time-based tokens for any OATH-based multi-factor service like Google, Evernote, Amazon Web Services and more. Users simply scan the QR code on the third party website with the Centrify mobile app to exchange secrets. Unlike other mobile authenticator apps, the Centrify mobile app stores shared secrets in the Centrify cloud. That means the secrets and accounts can be centrally managed and made available on any managed device.

The Centrify mobile app is available from the Apple App Store and Google Play store.


Some users don’t have a smartphone or Internet connectivity. Centrify Application and Endpoint Services provide a number of ways for these users to provide an additional factor. Get a one-time passcode sent via SMS/text message. Receive phone call to any registered phone number (mobile phone or landline) and press a key when prompted. Click a link sent to your email. Or correctly answer a security question.

MFA via SMS/text message for old mobile phones