Multi-Factor Authentication
Multi-factor authentication (MFA) strengthens security by requiring users to provide more than one form of identification to authenticate their identity when they attempt to access servers or applications. Multi-factor authentication challenges might require users to type a password, respond to an email message or phone call, enter a passcode, or answer a security question. Audit events in the MFA category focus on the success and failure of MFA challenges.
Multi-Factor Authentication Audit Event Log Sample
The following is a sample of an audit event log for Centrify Audit Event ID 54100. This log sample documents the success of an MFA challenge. The change was made by user=laniu1(type:ad,laniu1@SINGLE01.CDC) on April 20 at 14:51:18.
Apr 20 14:51:18 sol112x64v3 adclient[5640]: [ID 702911
auth.info] INFO AUDIT_TRAIL|Centrify Suite|MFA|1.0
|100|MFA challenge succeeded|5|user=laniu1(type:ad,
laniu1@SINGLE01.CDC) pid=6160 utc=1461135078139
CentryifyEventID=54100 DAInst=AuditingInstallation
DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67
status=SUCCEED service=sshd tty=ssh client=::1
challenge=EMAIL
Multi-Factor Audit Events
MFA Audit Events
| Event Id | Description | Parameters |
|---|---|---|
| 54100-Deprecated | MFA challenge succeeded This event has been deprecated. Use Centrify Event Id 54102 introduced in release 2017.3 instead. | service: service tty: tty client: client challenge: challenge |
| 54101-Deprecated | MFA challenge failed This event has been deprecated. Use Centrify Event Id 54103 introduced in release 2017.3 instead. | service: service tty: tty client: client challenge: challenge reason: error message |
| 54102 | MFA challenge succeeded added in release 2017.3 | service: service tty: tty authmethod: Reserved. factorcount: Number of MFA challenges factors: MFA challenges used. mfaresult: MFA challenge status. sourcehost: Remote host username: Username entityname: local system name devicetype: host operating system type initiatortype: MFA event type entitytype: event type description rolename: DirectAuthorize role used command: command used |
| 54103 | MFA challenge failed added in release 2017.3 | service: service tty: tty authmethod: Reserved. factorcount: Number of MFA challenges factors: MFA challenges used. mfaresult: MFA challenge status. sourcehost: Remote host username: Username entityname: local system name devicetype: host operating system type initiatortype: MFA event type entitytype: event type description rolename: DirectAuthorize role used command: command used reason: error message |
| 54200 | MFA challenge succeeded | service: service challenge: challenge |
| 54201 | MFA challenge failed | service: service challenge: challenge reason: error message |
| 54202 | MFA is offline | service: service reason: error message |
| 54203 | MFA is skipped | service: service reason: message |
| 54204 | MFA challenge succeeded added in release 2017.3 This event has been deprecated. Use Centrify Event ID 54206 instead, which was introduced in release 2018. | service: service authmethod: authmethod factorcount: factorcount factors: factors mfaresult: mfaresult sourcehost: sourcehost username: username entityname: entityname entitytype: entitytype devicetype: devicetype rolename: rolename command: command |
| 54205 | MFA challenge failed added in release 2017.3 This event has been deprecated. Use Centrify Event ID 54207 instead, which was introduced in release 2018. | service: service reason: error message authmethod: authmethod factorcount: factorcount factors: factors mfaresult: mfaresult sourcehost: sourcehost username: username entityname: entityname entitytype: entitytype devicetype: devicetype rolename: rolename command: command |
| 54206 | MFA challenge succeeded Added in release 2018 | service: service authmethod: authmethod factorcount: factorcount factors: factors mfaresult: mfaresult sourcehost: sourcehost username: username entityname: entityname entitytype: entitytype initiatortype: initiatortype devicetype: devicetype rolename: rolename command: command |
| 54207 | MFA challenge failed Added in release 2018 | service: service reason: error message authmethod: authmethod factorcount: factorcount factors: factors mfaresult: mfaresult sourcehost: sourcehost username: username entityname: entityname entitytype: entitytype initiatortype: initiatortype devicetype: devicetype rolename: rolename command: command |
| 54208 | Setup MFA offline profile succeeded added in release 18.11 | Username: The name of user configurationType: The MFA offline confguration type deviceType: The MFA offline device type |
| 54209 | Setup MFA offline profile failed added in release 18.11 | Reason: The reason why it is failed Username: The name of user configurationType: The MFA offline confguration type deviceType: The MFA offline device type |
| 54210 | MFA challenge succeeded added in release 19.6 | service: service authentication: authentication challenge: challenge |
| 54211 | MFA challenge failed added in release 19.6 |