Multi-factor authentication (MFA) has been a part of Helmholtz ID for several years: At the beginning of 2023, Helmholtz ID started offering MFA on demand for users. By mid 2023, MFA became mandatory for system administrators and VO managers. Early in 2025, MFA was simplified for users by honoring MFA performed by their home organization, eliminating the need for a second factor if the home organization provides information about completed MFA.
As the Helmholtz Cloud offers an increasing number of services, some of which handle sensitive data, it has become increasingly important for services to require users to perform MFA before granting access. To address this, Helmholtz ID now supports MFA requests during the login process for services using the OAuth2 protocol. To prevent duplicate MFA requests for users, Helmholtz ID forwards these requests to the home organization.
Afterward, Helmholtz ID signals the use of MFA to connected services (clients) via the ACR claim.
Services interested in MFA usage but not enforcing it can request information about MFA usage by requesting the acr scope,
which will only provide information if MFA was performed.
Contact
Should you have any questions or comments, don’t hesitate to contact the HIFIS team at support@hifis.net.