What is a second authentication factor for application login?

A second authentication factor is an additional element used to confirm the user’s identity when accessing an application. Its purpose is to improve login security and reduce the risk associated with relying on a password alone.

In practice, this means that the username and password are no longer the only condition for gaining access. The user may be asked to complete an additional step, depending on the organization’s security policy.

Such a second factor may be based on:

• something the user knows – for example a password,
• something the user has – for example a phone or security key,
• something the user is – for example a fingerprint.

Thanks to this, even if the primary login credentials are discovered by an unauthorized person, they are not enough on their own to gain access to the application.

In this material, we focus on a scenario in which OpenText Advanced Authentication takes over the authentication process and makes it possible to secure application access using MFA.

What does the video show?

The video presents an application login scenario that uses OpenText Advanced Authentication as the system responsible for user authentication.

In the example shown, the application has been configured in advance to allow two login methods:

• the traditional method, using a username and password,
• and login through an external mechanism based on OpenText Advanced Authentication.

The material focuses on this second option. The user does not log in directly in the application itself, but is redirected to an external authentication system that is responsible for verifying identity.

Securing application login with a second factor – step by step

1. A previously prepared application integration
   The video begins with an application that has already been configured to work with OpenText Advanced Authentication. This is important because the material focuses not on the technical integration itself, but on showing the end result from the user’s perspective.

A button is visible on the screen that allows login using the external authentication system.

2. Two possible login methods
   In the scenario shown, the user can log in in two ways:

• traditionally, using a username and password,
• or through the external authentication mechanism.

This clearly shows the practical purpose of such a deployment. The organization can keep the standard application screen while also adding a more secure login option for selected users or for the entire environment.

3. Selecting login through OpenText Advanced Authentication
   After clicking the appropriate button, the user does not enter the password directly in the application. Instead, they are taken to an external login screen handled by OpenText Advanced Authentication.

This is a very important moment, because it clearly shows that the application hands over the identity verification process to a dedicated MFA system instead of handling it entirely on its own.

4. Redirection to the external authentication system
   The video shows that after moving to the external login screen, the user is taken to a form handled by OpenText Advanced Authentication. At this point, they enter the test user credentials and go through the login process.

The redirection itself has significant practical value. It makes it possible to manage authentication rules centrally instead of implementing them separately in each application.

5. User login
   In the example shown, the user enters their username and password. After the correct credentials are provided, the login completes successfully and the system redirects the user back to the application.

From the end user’s perspective, the entire process is simple and natural. In practice, the difference is that the application no longer relies only on its own login form for security, but instead uses a central identity verification system.

6. Returning to the application after successful authentication
   Once the process is complete, the user is redirected back to the application and gains access to its resources. The video shows that the end result is very similar to a traditional login – the user simply enters the application.

This is important because it illustrates one of the biggest advantages of this approach: security can be improved without making day-to-day work more complicated.

7. The possibility of extending the scenario with additional factors and authentication chains
   At the end of the material, it is clearly emphasized that the example shown does not have to be limited to just one step or one password. OpenText Advanced Authentication makes it possible to use more than one factor and build different authentication chains.

In practice, this means that the organization can extend the login scenario with:

• an additional biometric factor,
• a mobile method,
• a hardware key,
• other available mechanisms that align with the security policy.

This makes the scenario shown a good starting point for more advanced application protection.

Why is it worth securing applications with a second factor?

In many organizations, applications are still protected only by a username and password. This is simple, but often not enough – especially when the application provides access to corporate data, administrative settings, or sensitive information.

Adding a second factor offers several important benefits:

• it improves the security of application access,
• it reduces the risk resulting from password compromise,
• it makes it possible to centrally manage the login policy,
• it makes it easier to implement consistent authentication rules across multiple systems,
• it allows expansion with additional verification methods.

This is especially important where one application is not the only system in the organization and a consistent approach to access protection is needed.

What should you pay attention to during this type of deployment?

Although the scenario itself looks simple, it is worth remembering a few practical elements:

• the application must first be properly integrated with OpenText Advanced Authentication,
• it is worth deciding whether users should have an alternative login method or only MFA,
• the authentication chain policy should be carefully planned,
• it is worth deciding which applications should be covered by additional protection,
• it is a good idea to ensure a consistent user experience so that the new login process is secure but still convenient.

This ensures that the deployment is not just a technical integration, but a real strengthening of application access security.

Summary

The video shows that OpenText Advanced Authentication can effectively secure application login by taking over the authentication process and adding another layer of protection. The user selects login through the external system, is redirected to the authentication screen, confirms their identity, and only then gains access to the application.

This is a practical example of how MFA can protect not only Windows systems or workstations, but also access to applications used every day within the organization.