Supported Authentication Factors

📊 Factor Comparison Matrix

Authentication FactorMobile App RequiredManual EnrollmentAuto-Available
1🔔 Ditto IDVerify Push✅ Required❌ No✅ Yes*
2📱 Time-based OTP✅ Required❌ No✅ Yes*
3🔒 Password❌ Not Required✅ Yes❌ No
4📲 SMS OTP❌ Not Required✅ Yes❌ No
5📧 Email OTP❌ Not Required✅ Yes❌ No

*Automatically available after Ditto ID mobile app enrollment


🏗️ Factor Categories

🏢 Enterprise Factors (Ditto ID Mobile App Based)

  • Automatic Setup: Available immediately after mobile app enrollment
  • High Security: Provide strongest authentication security
  • Offline Support: Time-based OTP works without internet connection
  • Real-time: Push notifications provide immediate authentication

🌐 Web-Only Factors (Manual Enrollment Required)

  • Explicit Setup: User must manually register during activation
  • Independence: Work without Ditto ID mobile app
  • Accessibility: Suitable for users who cannot install mobile app
  • Flexibility: Multiple communication channels available

⚙️ Administrative Configuration

Hard-Coded vs Configurable Factors

Authentication FactorHard-CodedConfigurableAdmin Control
Ditto IDVerify Push Notification✅ Always On❌ NoCannot disable
Time-based OTP (Mobile)✅ Always On❌ NoCannot disable
Saved Browser (rememberMe)❌ Configurable✅ YesCan enable/disable
Password (alwaysAskForPassword)❌ Configurable✅ YesCan force requirement
SMS-based OTP❌ Configurable✅ YesCan enable/disable
Email-based OTP❌ Configurable✅ YesCan enable/disable

Configuration Impact

  • System Level: Administrators control which factors are available
  • User Level: Users can only use factors enabled by administrators
  • Login Flow: Available factors determine authentication options presented
  • Registration: Factor availability affects user activation process