Question HLAA-08
If you don't support SSO, does your application and/or user-frontend/portal support multi-factor authentication? (e.g., Duo, Google Authenticator, OTP, etc.)
| Weight | 15 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe any plans to support multi-factor authentication in your application.
Answering "YES"
List all supported multi-factor authentication methods, technologies, and/or products and provide a brief summary of each.
Reason for Question
2FA/MFA, implemented correctly, strengthens the security state of a system. 2FA/MFA is commonly implemented and in many use cases is a requirement for account protection purposes.
Follow-Up Inquiries
Ask the vendor about hardware and software options, future roadmap for implementations and support, etc.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]