Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something: The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.

Is it possible to configure two-factor authentication (2FA), a security system that requires two distinct forms of identification in order to access something, within the Cloud SWG service?

Cloud SWG setup to authenticate users via SAML.

Users always redirected to 3rd party SAML IDP server before being allowed to access URLs via Cloud SWG.

Cloud SWG.

3rd party SAML IDP server.

2FA/MFA authentication enabled on the authentication provider, rather than service provider.

To configure Symantec Cloud SWG for two-factor authentication, one needs to do so via the SAML Identity Provider.

The following links provide details to do so for the most common SAML IDP server platforms:

• Okta
• Azure
• Ping Federate
• Active Directory/ADFS

If 2FA is required for the Cloud SWG Portal, the admin users can do by registering MFA options at the Broadcom Portal, as defined here. This only applies for admin users accessing the Cloud SWG Portal; all Cloud SWG service users will need to follow the other options above.