Documentation
HECVAT Full v3.0.6
Authentication, Authorization, and Accounting
AAAI-12

Question AAAI-12

If you don't support SSO, does your application and/or user-frontend/portal support multi-factor authentication? (e.g., Duo, Google Authenticator, OTP, etc.)

Weight15
High RiskNo
RequiredNo
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe any plans to support multi-factor authentication in your application.

Answering "YES"

List all supported multi-factor authentication methods, technologies, and/or products and provide a brief summary of each.

Reason for Question

2FA/MFA, implemented correctly, strengthens the security state of a system. 2FA/MFA is commonly implemented and in many use cases is a requirement for account protection purposes.

Follow-Up Inquiries

Ask the vendor about hardware and software options, future roadmap for implementations and support, etc.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]