Skip to content
Griffin31 Help Center

Multifactor authentication in external tenants

adds a layer of security to your applications by requiring users to provide a second method for verifying their identity during sign-up or sign-in. External tenants support two methods for authentication as a second factor:

  • Email one-time passcode
  • SMS based authentication, available as an add-on .

Enforcing MFA enhances your organization’s security by adding an extra layer of verification, making it more difficult for unauthorized users to gain access.

SMS-BASED AUTHENTICATION (PREVIEW)

SMS is available at additional cost for second-factor verification in external tenants. Currently, SMS is not available for first-factor authentication or self-service password reset in external tenants.

When SMS is enabled for MFA, users sign in with their primary method and are prompted to verify their identity with a code sent via text. They enter their phone number and receive an SMS with the verification code.

External ID mitigates fraudulent sign-ups and sign-ins via SMS by enforcing the following measures:

  • Telephony throttling limits help prevent outages and slowdowns. See .
  • CAPTCHA for SMS MFA helps prevent automated attacks by distinguishing human users from automated bots. If a risky user is detected, we block the user from signing in or ask the user to complete a CAPTCHA before sending an SMS verification code.