Hi All,
We are exploring options for adding 2FA to a Marketo landing page.
The context - the landing page will house the terms and conditions of our NDA and the user has to click the checkbox to digitally accept the NDA terms and conditions. At the same time, we want to make sure that the correct person is accepting the NDA. For this, we want to use 2-factor authentication.
Has anyone implemented something similar in Marketo? Any integrations that can help?
Regards,
Liju
Solved! Go to Solution.
Well... I admire your sense of adventure!
A Marketo LP isn’t the place for advanced 2FA like an OTP Authenticator. You could integrate with an SMS OTP service, but validation would have to occur on the Marketo server side using a webhook. Seems like overkill.
Instead, why not use an email as your second factor, like apps do for passwordless login nowadays? Send the person an email with a tracked link to a Marketo LP. The LP has a form that’s just one big confirmation button and no other fields. The button — this is important — is not automatically clicked using code, so it requires human interaction. When you get the Filled Out Form, that means they confirmed their identity.
Now in a wider security sense this wouldn’t pass muster, because the person’s link wouldn’t expire after a certain # of days.* But it may be fine for you.
* The tracked link would stop redirecting after a time,
but if they saved the final LP URL, they could visit the page much later.
Well... I admire your sense of adventure!
A Marketo LP isn’t the place for advanced 2FA like an OTP Authenticator. You could integrate with an SMS OTP service, but validation would have to occur on the Marketo server side using a webhook. Seems like overkill.
Instead, why not use an email as your second factor, like apps do for passwordless login nowadays? Send the person an email with a tracked link to a Marketo LP. The LP has a form that’s just one big confirmation button and no other fields. The button — this is important — is not automatically clicked using code, so it requires human interaction. When you get the Filled Out Form, that means they confirmed their identity.
Now in a wider security sense this wouldn’t pass muster, because the person’s link wouldn’t expire after a certain # of days.* But it may be fine for you.
* The tracked link would stop redirecting after a time,
but if they saved the final LP URL, they could visit the page much later.