Configuring Multi-Factor Authentication (MFA)

SAML

The following section provides resources that can help in configuring multi-factor authentication using SAML authentication for an Appian installation. SAML provides a secure method for users to be authenticated by an external identity provider in order to enable single sign-on capabilities. For enhanced security, customers can use multi-factor authentication mechanisms provided by SAML 2.0 supported identity providers.

If an Appian environment has been configured to work with SAML using the Admin Console, make sure all the settings work correctly by testing the connectivity and save the changes. There are no further changes required in Appian to enable MFA. MFA can now be configured on the identity provider's side.

The specific steps to perform this configuration varies with each identity provider and the multi-factor authentication methods they support. The following are examples of SAML identity providers that support MFA:

• PingIdentity
• Okta

LDAP and DUO Security

The following section provides instructions on configuring Duo Security (multi-factor authentication) with an existing Appian installation configured with LDAP.

1. If LDAP is not already configured, please review LDAP Authentication to configure LDAP with Appian.
2. Follow Duo's instructions on integrating Duo Security with an existing LDAP device. This guide provides instructions on installing a Duo proxy. Ensure that the Duo proxy and the AD machine are on the same subnet/can communicate with each other.
3. Update your existing Appian installation to point the LDAP server to the newly created Duo proxy server.
4. Open the Admin Console (/suite/admin).
5. Under Authentication > LDAP, update the URL to point to the Duo proxy server.