Enabling Multi-factor Authentication for WSO2 Identity Server Management Console

WSO2 Identity Server Management Console ships with the username/password based authentication. Following explains how to configure MFA.

1. Start WSO2 IS and login as an admin user with username/password, and go to Main --> Identity --> Service Providers --> Add --> fill details appropriately and Register

2. Expand the section Inbound Authenticators --> SAML2 Web SSO Configuration --> Configure. Then complete the SAML configuration as shown in the following image. Set the issuer to carbonServer, Assertion Consumer URL to https://localhost:9443/acs and check Enable Response Signing. Rest keep as defaults.

3. Under Local and Outbound Authentication Configuration, pick Advanced Configuration and define MFA.

4. Shutdown the server and edit the file IS_HOME/repository/conf/security/authenticators.xml and enable SAML2SSOAuthenticator by setting the value of the parameter disabled to false and the value of Priority element to 1.

5. Start the server and visit https://localhost:9443. Now you will notice that the login page has changed with MFA.