Our product MCe LoginHub allows you to use the identity provider of your choice, such as Microsoft Entra ID (Previously called Azure AD), Auth0, Ping, Google etc.., to manage your users, their rights as well as handle the login process. You then in those products use whatever 2FA or MFA you wish to that those products support.

 For most providers it uses SAML 2 or OpenID Connect, or a specific variation on one of those such as Entra ID's. You choose then how much of the user management to do in the Identity provider. Most customers manage groups that then translate to access groups in the CMMS. These protocols are used to communicate with the identity provider who then uses whatever security, including 2FA or MFA that they have set up for the user to identify the user and authenticate them.

 In the login process, the Identity provider is asked to authenticate the user and then tell us facts about the user that it knows that you have decided are appropriate for  deciding the rights of the user, it then using a time limited secure token returns the information, if available, to either let or refuse entry to the user, and to assign their current rights. The 2FA and/or MFA and or neither is managed entirely on the identity provider side, it is transparent to us.