When a Fortune 500 global apparel and footwear company needed to streamline their multi-factor authentication (MFA) process, Collective Insights helped troubleshoot technical solutions that would accommodate the company’s diverse user base while controlling the number of prompts users faced throughout the day.
Multi-factor authentication protects organizations against compromised access credentials by requiring users to present two or more methods of identity verification before being granted access to systems. While highly valuable from a cybersecurity perspective, MFA adds friction for users, who have to verify their identity multiple times before accessing needed resources and tools. For this reason, it’s critical to strike a balance between keeping access highly secure and keeping systems as accessible as possible so that productivity stays high.
The client needed to modernize their MFA protocols while streamlining the user experience so that users faced fewer logins throughout the day. From a technical perspective, the existing solution was running on unsupported on-premises hardware, so our solution also had to reduce legacy technical debt.
As our team led the client transition to a cloud-based solution for multi-factor authentication, we also had to contend with a key barrier to success: not all users had smart mobile devices or easy access to email. The solution would need to account for the various user and device scenarios in which users verify their identity during the MFA process.
Solutions & Approach
Due to the client’s global footprint, we implemented the authentication solution using a phased approach so that we could troubleshoot challenges for specific user segments and geographic regions before moving on to the next. This approach ensured that systems remained accessible across the enterprise throughout implementation without any costly downtime.
We focused on shifting to the cloud while establishing effective conditional access policies. To address the needs of the full user base, those without phones or email would have the option of using software tokens and hardware tokens to authenticate their identity and gain system access. In parallel with the MFA effort, we performed an overall assessment of the client’s Azure Active Directory tenant to align the configuration with NIST recommendations that would help further secure the environment.
At the end of our first engagement with the client, we helped successfully roll out the new MFA solution to approximately 25,000 global end users over the course of several weeks. Through our collaboration, the client was able to retire and decommission their Active Directory Federation Services (ADFS) – which was no longer supported – while reducing the number of prompts for MFA without shutting out any segments of the user base.