External Authentication vs External MFA

When integrating external services into the Q2 system, it’s important to understand the differences between External Authentication and External Multi-Factor Authentication (MFA). Both serve to enhance security and user management, but they do so in distinct ways and are used in different contexts.

External Authentication, also known as Inbound SSO, delegates the entire authentication process to an external provider, which also manages user credentials. The external provider handles the login process, and Q2 relies on it to authenticate users. Key points include:

  • User Credentials Management: The external provider holds and manages user credentials.

  • RequestTypes: Q2 provides various interfaces (RequestTypes) like Change Password, which can be customized to interact with the external provider.

  • System Properties: Enabling External Authentication involves setting specific system properties and configuring the Q2 system to recognize and use the external provider.

  • Workflow: The workflow involves creating an extension, enabling it at the system level, and implementing handlers for specific RequestTypes.

For more details, refer to the Third Party Authentication Overview and External Authentication Extension Tutorial.

External Multi-Factor Authentication (MFA) delegates secondary, or step-up, authentication to an external provider. This can include SMS codes, authenticator apps, or other methods. Key points include:

  • Additional Security Layer: External MFA adds an extra layer of security by requiring multiple forms of verification.

  • Integration Points: External MFA can be integrated into various points such as login, transaction authorization, and event-driven validation.

  • Extension Creation: Creating an External MFA extension involves setting up a Server Side Rendered (SSR) or Client Side Rendered (CSR) extension that handles the MFA process.

  • Token Management: The extension generates and manages MFA tokens, which are verified by the Q2 system during the authentication process.

  • Workflow: The workflow involves creating an extension, handling user input, generating tokens, and verifying these tokens through the Q2 system.

For more details, refer to the External MFA Overview and External MFA Tutorial.