Tanflow IAM Suite & PAM - enterprise identity and privileged access security for the modern enterprise. Get a Demo →

Tanflow IAM Suite · Capability

Multi-Factor Authentication

Passwords alone stopped being a defence years ago. Add factors that attackers cannot phish from a database dump.

Overview

Every login, verified twice

Tanflow MFA layers time-based one-time passwords, email and SMS OTP, and adaptive step-up challenges over every authentication the platform handles - SSO logins, admin consoles and privileged sessions alike.

TOTP authenticator apps

Standards-based (RFC 6238) support for Google Authenticator, Microsoft Authenticator and any TOTP app - no vendor lock-in, works offline.

Email & SMS OTP

One-time codes over channels every user already has, with configurable expiry and retry limits.

Adaptive step-up

Trigger additional factors on risk signals: new device, unusual hours, sensitive application, or privileged role.

Per-application policy

Require MFA everywhere, or only for sensitive apps and admin roles - policy is yours to shape.

Recovery workflows

Controlled, logged fallback flows so a lost phone is a helpdesk moment, not a lockout crisis.

Why it matters

Outcomes you can put in front of an auditor

  • Blocks credential-stuffing and phished-password attacks outright
  • Satisfies MFA mandates in RBI, SEBI, PCI DSS and CERT-In guidance
  • Adaptive policy keeps friction low for everyday, low-risk logins
  • MFA for everyone in the organisation, not a licence-limited subset
  • Every challenge and response captured in the audit log

Part of Tanflow IAM Suite

This capability ships as a module of the Tanflow IAM Suite - one platform for authentication, governance and provisioning, built to scale across the enterprise.

Explore the full platform →

FAQ

Common questions

Do users need a specific authenticator app?

No. Tanflow implements standard TOTP, so any RFC 6238-compatible app works - Google Authenticator, Microsoft Authenticator, FreeOTP and others.

Can MFA be enforced for privileged sessions in Tanflow PAM?

Yes. The same MFA engine protects PAM gateway logins, so a vaulted root credential can never be reached with a password alone.

What happens when a user loses their device?

Administrators trigger a controlled re-enrolment: identity is verified through the workflow you configure, old factors are revoked, and the entire event is logged.

Free companion app

Download the Tanflow Authenticator

Enhance your security with the Tanflow Authenticator - a free, TOTP-based two-factor authentication app. Generate time-based one-time passwords entirely on your device, offline, for Google, Microsoft, GitHub, AWS and any service that supports TOTP.

  • Standards-based TOTP - works offline, no account required
  • Add accounts by QR scan or manual secret key
  • Search, manage and reset from a clean, simple interface

See Multi-Factor Authentication in action

A focused demo against your environment and your compliance requirements.