MFA Factors FAQ

08/2024

Overview

Cisco Identity Intelligence (CII) collects MFA factor information from any available sources. This article addresses some frequently asked questions around MFA factor usage and classification.

MFA Factor Strength

CII categorizes different types of MFA factors by strength according to the guidelines set forth in the latest NIST 800-63B standard, specifically the Authenticator Assurance Levels (AAL).

In the chart below, shown in the Dashboard, authenticators may have an assurance level of Low, Medium, or High, which corresponds to AAL 1, 2, and 3, respectively. A level of Unknown means that the identity source is likely using a third-party MFA provider or platform and the authenticator strength is not reported in the event details.

See the MFA Factor Strength Mapping list below for specific identity providers and factor types.

MFA Factor Status

User MFA factors may have a variety of statuses reported by the identity system. Most factors will typically show as ACTIVE or DISABLED.

Note that factors with a status of PENDING or PENDING_ACTIVATION are NOT considered to be fully enrolled and activated factors, so a user with only these factor statuses (besides Password as a first factor) will fail the No MFA Configured check.

MFA Factor Strength Mapping

The list below provides the current factor mapping for each factor type encountered in the primary IDP and IAM systems.

Passkeys

Based on the recent NIST publication around Syncable Authenticators, more commonly known as Passkeys, which are capable of AAL2, CII classifies Passkeys as Medium strength.

Factor Strength Table

NOTE: Factor types, names, and other details reported by the IDP and IAM systems are constantly evolving and changing, so the actual user interface may differ slightly.


      ['AZURE_AD', 'alternateMobilePhone', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'appCode', undefined, AssuranceLevel.Medium],
      ['AZURE_AD', 'appNotification', undefined, AssuranceLevel.Medium],
      ['AZURE_AD', 'email', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'mobilePhone', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'officePhone', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'securityQuestion', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'microsoftAuthenticator', undefined, AssuranceLevel.Medium],
      ['AZURE_AD', 'password', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'phone', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'softwareOath', undefined, AssuranceLevel.Medium],
      ['AZURE_AD', 'windowsHelloForBusiness', undefined, AssuranceLevel.High],
      ['AZURE_AD', '509 Certificate', undefined, AssuranceLevel.High],
      ['AZURE_AD', 'Other', undefined, AssuranceLevel.Unknown],
      ['AZURE_AD', 'microsoftAuthenticatorPasswordless', undefined, AssuranceLevel.High],
      ['AZURE_AD', 'mobileAppNotification', undefined, AssuranceLevel.Medium],
      ['AZURE_AD', 'temporaryAccessPass', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'QR code', undefined, AssuranceLevel.Medium],
      ['AZURE_AD', 'fido2', undefined, AssuranceLevel.High],
      ['AZURE_AD', 'platformCredentialAuthenticationMethod', undefined, AssuranceLevel.Unknown],
      ['CUSTOM', 'claims_provider', 'BeyondID_MFA', AssuranceLevel.Unknown],
      ['CUSTOM', 'claims_provider', 'Duo OIDC MFA', AssuranceLevel.Unknown],
      ['CUSTOM', 'token:hotp', 'Feitian Hardware TOTP', AssuranceLevel.Unknown],
      ['DEL_OATH', 'token', 'On-Prem MFA', AssuranceLevel.Unknown],
      ['DUO', 'd1', undefined, AssuranceLevel.Medium],
      ['DUO', 'bypass_code', undefined, AssuranceLevel.Low],
      ['DUO', 'duo_mobile_passcode', undefined, AssuranceLevel.Medium],
      ['DUO', 'duo_push', undefined, AssuranceLevel.Medium],
      ['DUO', 'phone_call', undefined, AssuranceLevel.Low],
      ['DUO', 'Passkey', undefined, AssuranceLevel.Medium],
      ['DUO', 'Platform_authenticator_(2fa)', undefined, AssuranceLevel.Medium],
      ['DUO', 'Platform_authenticator_(passwordless)', undefined, AssuranceLevel.High],
      ['DUO', 'Security_Key', undefined, AssuranceLevel.High],
      ['DUO', 'sms_passcode', undefined, AssuranceLevel.Low],
      ['DUO', 'Touch_ID', undefined, AssuranceLevel.High],
      ['DUO', 'u2ftoken', undefined, AssuranceLevel.High],
      ['DUO', 'web', 'DUO', AssuranceLevel.Unknown],
      ['DUO', 'WebAuthn_Chrome_Touch_ID', 'DUO', AssuranceLevel.High],
      ['DUO', 'yk', 'DUO', AssuranceLevel.High],
      ['DUO', 'verified_duo_push', undefined, AssuranceLevel.Medium],
      ['FIDO', 'webauthn', 'YubiKey 5', AssuranceLevel.High],
      ['FIDO', 'webauthn', 'Windows Hello Software Authenticator', AssuranceLevel.High],
      ['FIDO', 'webauthn', 'FIDO', AssuranceLevel.High],
      ['FIDO', 'webauthn', 'MacBook Touch ID', AssuranceLevel.High],
      ['FIDO', 'webauthn', undefined, AssuranceLevel.High],
      ['GOOGLE', 'google_otp', 'Google Authenticator', AssuranceLevel.Medium],
      ['GOOGLE', 'token:software:totp', 'GOOGLE', AssuranceLevel.Medium],
      ['GOOGLE', 'token:software:totp', undefined, AssuranceLevel.Medium],
      ['GUARDIAN', 'push', undefined, AssuranceLevel.Unknown],
      ['GUARDIAN', 'totp', undefined, AssuranceLevel.Unknown],
      ['GUARDIAN', 'webauthn-platform', undefined, AssuranceLevel.Unknown],
      ['OKTA', 'call', 'OKTA', AssuranceLevel.Low],
      ['OKTA', 'duo', 'Duo Security', AssuranceLevel.Unknown],
      ['OKTA', 'email', 'Email', AssuranceLevel.Low],
      ['OKTA', 'email', undefined, AssuranceLevel.Low],
      ['OKTA', 'google_otp', 'Google Authenticator', AssuranceLevel.Medium],
      ['OKTA', 'okta_email', 'Email', AssuranceLevel.Low],
      ['OKTA', 'okta_password', 'Password', AssuranceLevel.Low],
      ['OKTA', 'okta_verify', 'Okta Verify', AssuranceLevel.Medium],
      ['OKTA', 'password', 'Password', AssuranceLevel.Low],
      ['OKTA', 'push', 'OKTA', AssuranceLevel.Medium],
      ['OKTA', 'push', 'Okta Verify', AssuranceLevel.Medium],
      ['OKTA', 'push', undefined, AssuranceLevel.Medium],
      ['OKTA', 'question', 'OKTA', AssuranceLevel.Low],
      ['OKTA', 'security_question', 'Security Question', AssuranceLevel.Low],
      ['OKTA', 'signed_nonce', 'Okta Verify', AssuranceLevel.High],
      ['OKTA', 'sms', 'OKTA', AssuranceLevel.Low],
      ['OKTA', 'sms', undefined, AssuranceLevel.Low],
      ['OKTA', 'token:software:totp', 'OKTA', AssuranceLevel.Medium],
      ['OKTA', 'token:software:totp', undefined, AssuranceLevel.Medium],
      ['OKTA', 'webauthn', 'Security Key By Yubico with NFC', AssuranceLevel.High],
      ['OKTA', 'webauthn', 'YubiKey 5Ci', AssuranceLevel.High],
      ['OKTA', 'yubikey_token', 'Yubikey', AssuranceLevel.High],
      ['YUBICO', 'token:hardware', 'YUBICO', AssuranceLevel.High],
      ['YUBICO', 'token:hardware', undefined, AssuranceLevel.High],
      ['AZURE_AD', 'SMS Sign-in', undefined, AssuranceLevel.Low],
      ['AZURE_AD', 'Temporary Access Pass', undefined, AssuranceLevel.Low],
      ['CLAIMS', 'external_idp', 'DUO OIDC MFA', AssuranceLevel.Unknown],
      ['CLAIMS', 'claims_provider', undefined, AssuranceLevel.Unknown],
      ['DUO', 'duo', 'Duo Security', AssuranceLevel.Unknown],
      ['DUO', 'h6', undefined, AssuranceLevel.Unknown],
      ['DUO', 'web', undefined, AssuranceLevel.Unknown],
      ['FIDO', 'webauthn', 'Security Key By Yubico', AssuranceLevel.High],
      ['HOTP', 'otp', 'FEITIAN c200 Token', AssuranceLevel.Medium],
      ['HOTP', 'otp', 'Legacy TOTP Token', AssuranceLevel.Medium],
      ['OKTA', 'call', undefined, AssuranceLevel.Low],
      ['OKTA', 'custom_otp', 'FEITIAN c200 Token', AssuranceLevel.Medium],
      ['OKTA', 'custom_otp', 'Token2 C105', AssuranceLevel.Medium],
      ['OKTA', 'external_idp', 'DUO OIDC MFA', AssuranceLevel.Unknown],
      ['OKTA', 'phone_number', 'Phone', AssuranceLevel.Low],
      ['OKTA', 'question', undefined, AssuranceLevel.Low],
      ['OKTA', 'security_question', 'Security Question For MFA', AssuranceLevel.Low],
      ['OKTA', 'signed_nonce', undefined, AssuranceLevel.High],
      ['OKTA', 'signed_nonce', 'OKTA', AssuranceLevel.High],
      ['OKTA', 'sms', 'Phone', AssuranceLevel.Low],
      ['OKTA', 'webauthn', 'YubiKey 5 FIPS', AssuranceLevel.High],
      ['OKTA', 'webauthn', 'YubiKey 5 FIPS with NFC', AssuranceLevel.High],
      ['OKTA', 'yubikey_token', 'YubiKey Authenticator', AssuranceLevel.High],
      ['YUBIKEY', 'otp', 'YubiKey Authenticator', AssuranceLevel.Medium]
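
The status rule and the strength mapping can be combined into a per-user assessment. The following is an added example, not CII's own code. The function names, the sample users, the lookup fallback order, and the choice to count only ACTIVE factors as enrolled are assumptions made for illustration.

```javascript
// Added example, not CII code. Levels follow the page: Low/Medium/High = AAL 1/2/3.
const AssuranceLevel = Object.freeze({ Unknown: 0, Low: 1, Medium: 2, High: 3 });

// Subset of rows copied from the table above: [provider, factorType, name, level].
const FACTOR_MAP = [
  ['DUO', 'web', 'DUO', AssuranceLevel.Unknown],
  ['OKTA', 'password', 'Password', AssuranceLevel.Low],
  ['OKTA', 'sms', undefined, AssuranceLevel.Low],
  ['OKTA', 'push', 'Okta Verify', AssuranceLevel.Medium],
  ['OKTA', 'webauthn', 'YubiKey 5Ci', AssuranceLevel.High],
];

// Assumption: exact name match wins, then the row with an undefined name;
// anything unmapped is reported as Unknown.
function strengthOf(provider, type, name) {
  const rows = FACTOR_MAP.filter(([p, t]) => p === provider && t === type);
  const hit = rows.find((r) => r[2] === name) || rows.find((r) => r[2] === undefined);
  return hit ? hit[3] : AssuranceLevel.Unknown;
}

const levelName = (v) => Object.keys(AssuranceLevel).find((k) => AssuranceLevel[k] === v);
// Assumption: only ACTIVE counts as enrolled; pending and DISABLED factors do not.
const isEnrolled = (f) => f.status === 'ACTIVE';
const isPassword = (f) => /password/i.test(f.type);

// Reports whether the user fails "No MFA Configured" and the strongest
// enrolled non-password factor (null when there is none).
function assess(factors) {
  const second = factors.filter((f) => isEnrolled(f) && !isPassword(f));
  const best = Math.max(0, ...second.map((f) => strengthOf(f.provider, f.type, f.name)));
  return {
    noMfaConfigured: second.length === 0,
    strongest: second.length ? levelName(best) : null,
  };
}

// Constructed sample users.
const USERS = {
  alice: [{ provider: 'OKTA', type: 'password', name: 'Password', status: 'ACTIVE' },
          { provider: 'OKTA', type: 'push', name: 'Okta Verify', status: 'PENDING' }],
  bob: [{ provider: 'OKTA', type: 'password', name: 'Password', status: 'ACTIVE' },
        { provider: 'OKTA', type: 'sms', name: 'Phone', status: 'ACTIVE' },
        { provider: 'OKTA', type: 'webauthn', name: 'YubiKey 5Ci', status: 'ACTIVE' }],
  carol: [{ provider: 'DUO', type: 'web', name: 'DUO', status: 'ACTIVE' }],
};
for (const [user, factors] of Object.entries(USERS)) console.log(user, assess(factors));
```

Alice fails the check because her only second factor is still pending, while Carol passes it with a factor whose strength stays Unknown.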
