Multi-factor authentication

Most Perforce instances are behind a secure firewall and require user passwords. Multi-Factor authentication adds an additional layer of security, in case a user password is compromised.

Multi-factor authentication (MFA) is a method of confirming a user's claimed identity. A user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something they and only they know), possession (something they and only they have), and inheritance (something they and only they are).

Helix MFA is designed to support the most common factors:

• One Time Password (OTP) codes
• Third party or external prompts, such as a mobile app authentication or a phone call

To learn how Helix can support MFA, see:

• the Perforce Okta MFA trigger at https://swarm.workshop.perforce.com/projects/perforce_software-mfa/files/main/okta/okta-mfa.rb

• Triggering for multi-factor authentication (MFA), which:
  • explains the three types of triggers necessary for Helix MFA (auth-pre-2fa, auth-init-2fa, and auth-check-2fa)
  • shows an example of an auth-check-2fa trigger that Perforce has validated with Okta. To find out more about Okta and the factors it supports, contact your Okta administrator or see https://support.okta.com/help
  • includes comments intended to make this example a starting point for working with the API of other MFA services

Helix clients that support MFA require no configuration, just the installation of the standalone Helix MFA Authenticator app, which:

• provides the MFA login screen for Helix Core clients and plugins and is based on settings already configured on the server. (Helix clients that do not yet support MFA display an error about requiring MFA, but either the command-line interface or the standalome Helix MFA Authenticator can be run manually to complete authentication.)
• comes pre-packaged with the P4V installer, so when your users upgrade to the latest P4V, the app will already be part of the installer