MFA for External Portal Users

We have an external supplier portal in Appian where we need to implement MFA to hide sensitive sections on the interface until verification is completed within the session.

Preference is to avoid app-based authenticators as some suppliers are hesitant to install anything.

Has anyone implemented something similar? Looking for suggestions on:

  • Step-up MFA approach for external Appian portal users
  • Conditionally showing/hiding sections based on completed verification
  • App-free options like email OTP or SMS OTP that work well in Appian

  • I have a requirement for step-up authentication during the registration submission process. The scenario is not related to initial login authentication. Instead, the user is already authenticated, and at a specific point in the workflow we need to perform an additional identity verification before displaying confidential information or allowing access to sensitive sections of a form/dashboard.

    Has anyone implemented a mid-process step-up authentication mechanism in Appian, where the user's identity is revalidated based on the sensitivity of the data or action being performed?

    Please note that I am not looking for solutions related to login authentication or SSO login flows, as this requirement specifically involves step-up authentication within an active user session.

  • Certified Lead Developer, in reply to devanshum749680

    Can you try something like the below:

    Step-by-Step Implementation: OTP-Based Step-Up Authentication in Appian

    1. Initialize Verification Flag
    Create a local variable to track verification status.

    2. Trigger on Sensitive Actions
    Require OTP verification when users access sensitive features:
    - View payment information
    - Open confidential documents
    - Change account settings

    Instead of showing data directly, display the OTP verification UI first.

    3. Generate OTP
    Use an expression rule or process model to generate a random OTP.

    Store the following:
    - OTP value
    - Expiry time (e.g., 10 minutes)
    - User ID / Session reference

    4. Send OTP
    Option A: Email (simple, no external dependencies)
    - Use Appian's Send Email Smart Service

    Option B: SMS (recommended for external users)
    - Integrate with Twilio, CM.com API, or similar

    5. Create OTP Input UI
    Add a text field for user input.

    6. Validate OTP
    Compare user input against the generated OTP.

    If valid, set verification flag.

    7. Show/Hide Sensitive Data
    Use conditional visibility to display content only after verification.

    Advanced: Optional Extensions

    Session Management:
    - Local variable: Verification persists only during current session
    - Process variable: Verification persists across interface reloads

    Security Enhancements:
    - Add 10-minute timeout for OTP validity
    - Force re-verification for additional sensitive actions
    - Log all verification attempts for audit trail
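
Added example, not part of the reply above and not Appian code: a language-neutral Python sketch of steps 3 and 6 with the listed security enhancements (10-minute expiry, audit log of every attempt). The `OtpStore` class, the retry limit of 5, single-use codes and storing a salted digest instead of the OTP itself are assumptions of this example, not something the thread specifies.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600  # 10-minute validity, as in the steps above
MAX_ATTEMPTS = 5       # assumption: the thread sets no retry limit


class OtpStore:
    """In-memory stand-in for the server-side OTP record (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}  # session_ref -> salt, digest, expiry, attempts
        self.audit = []     # (timestamp, session_ref, outcome)

    @staticmethod
    def _digest(salt, session_ref, otp):
        # Binding the session reference in means a code issued for one
        # session cannot be validated against another.
        return hashlib.sha256(salt + session_ref.encode() + otp.encode()).digest()

    def issue(self, session_ref):
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not a general-purpose rand()
        salt = secrets.token_bytes(16)
        self._records[session_ref] = {
            "salt": salt,
            "digest": self._digest(salt, session_ref, otp),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        self.audit.append((self._clock(), session_ref, "issued"))
        return otp  # pass to the email/SMS sender only; never store or log it

    def verify(self, session_ref, submitted):
        rec = self._records.get(session_ref)
        if rec is None:
            outcome = "no_challenge"
        elif self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._records[session_ref]  # expired or locked: require a new OTP
            outcome = "rejected"
        elif hmac.compare_digest(rec["digest"], self._digest(rec["salt"], session_ref, submitted)):
            del self._records[session_ref]  # single use: a valid code cannot be replayed
            outcome = "verified"
        else:
            rec["attempts"] += 1
            outcome = "wrong_code"
        self.audit.append((self._clock(), session_ref, outcome))
        return outcome == "verified"
```

The point to carry over is that the digest, expiry and attempt counter sit in a server-side record keyed to the session reference, and the flag that unhides the sensitive section is set only from the result of `verify`.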