Tanflow IAM Suite · Capability
Multi-Factor Authentication
Passwords alone stopped being a defence years ago. Add factors that attackers cannot phish from a database dump.
Overview
Every login, verified twice
Tanflow MFA layers time-based one-time passwords, email and SMS OTP, and adaptive step-up challenges over every authentication the platform handles - SSO logins, admin consoles and privileged sessions alike.
Standards-based (RFC 6238) support for Google Authenticator, Microsoft Authenticator and any TOTP app - no vendor lock-in, works offline.
One-time codes over channels every user already has, with configurable expiry and retry limits.
Trigger additional factors on risk signals: new device, unusual hours, sensitive application, or privileged role.
Require MFA everywhere, or only for sensitive apps and admin roles - policy is yours to shape.
Controlled, logged fallback flows so a lost phone is a helpdesk moment, not a lockout crisis.
Why it matters
Outcomes you can put in front of an auditor
- Blocks credential-stuffing and phished-password attacks outright
- Satisfies MFA mandates in RBI, SEBI, PCI DSS and CERT-In guidance
- Adaptive policy keeps friction low for everyday, low-risk logins
- MFA for everyone in the organisation, not a licence-limited subset
- Every challenge and response captured in the audit log
Part of Tanflow IAM Suite
This capability ships as a module of the Tanflow IAM Suite - one platform for authentication, governance and provisioning, built to scale across the enterprise.
Explore the full platform →FAQ
Common questions
Do users need a specific authenticator app?
No. Tanflow implements standard TOTP, so any RFC 6238-compatible app works - Google Authenticator, Microsoft Authenticator, FreeOTP and others.
Can MFA be enforced for privileged sessions in Tanflow PAM?
Yes. The same MFA engine protects PAM gateway logins, so a vaulted root credential can never be reached with a password alone.
What happens when a user loses their device?
Administrators trigger a controlled re-enrolment: identity is verified through the workflow you configure, old factors are revoked, and the entire event is logged.
Free companion app
Download the Tanflow Authenticator
Enhance your security with the Tanflow Authenticator - a free, TOTP-based two-factor authentication app. Generate time-based one-time passwords entirely on your device, offline, for Google, Microsoft, GitHub, AWS and any service that supports TOTP.
- Standards-based TOTP - works offline, no account required
- Add accounts by QR scan or manual secret key
- Search, manage and reset from a clean, simple interface
See Multi-Factor Authentication in action
A focused demo against your environment and your compliance requirements.