MFA (Multi-Factor Authentication)
Authentication that requires two or more independent factors — typically something you know (password / PIN), something you have (TOTP authenticator / FIDO2 security key / push-notification approval), and/or something you are (biometric). MFA is now a baseline expectation for all enterprise application access; insurance carriers and regulatory frameworks (NYDFS Part 500, PCI DSS 4.0, federal Zero Trust mandates) require it.
AE Guardian doesn't enforce MFA itself — MFA enforcement is owned by the customer's IdP (Okta Sign-On Policy, Entra ID Conditional Access, PingFederate Authentication Policy). When AE Guardian uses SSO via one of the SAML connectors, MFA enforcement flows through automatically: the IdP requires MFA before issuing the SAML assertion. The connectors don't need any AE-side MFA configuration.
For the few authentication paths where AE Guardian authenticates directly (no SSO), MFA is enforced via AE's own configuration. These paths are rare in production deployments.
What other systems call it
Per-vendor / per-standard terminology for this same concept.
| System | Term / Notes |
|---|---|
| Okta | Sign-On Policy (controls MFA requirements per app / per user / per location) |
| Microsoft Entra ID | Conditional Access (Entra Premium P1+) — MFA + risk-based gating |
Used by 9 connectors
Connectors in the catalog that reference this concept.