LightOn, we take these requirements seriously and have designed Paradigm to support flexible and robust authentication methods. Here's how we handle MFA today.
What Paradigm Offers Today
Paradigm supports two main authentication modes, each with its own approach to MFA:
1. SSO-Based Authentication with External MFA
If your organization uses a Single Sign-On (SSO) provider such as Google Workspace, Azure AD, Okta, or another identity platform, Paradigm integrates seamlessly with it.
🔐 In this setup, authentication is fully delegated to your SSO provider — including enforcement of security policies such as password complexity, session expiration, and, of course, MFA.
✅ MFA is therefore already supported today via your identity provider.
This is our recommended setup for enterprise clients, especially those with strong security and compliance requirements.
2. Password-Based Authentication (Without SSO)
In scenarios where SSO is not used, Paradigm falls back to its own password-based authentication.
🚫 Currently, this mode does not include built-in MFA, but...
What’s Coming: Native MFA in Paradigm
The good news is that Paradigm is built on top of an authentication library that natively supports MFA (e.g., via TOTP or WebAuthn). The functionality is already present in the framework — it simply needs to be integrated into our application layer.
🔧 Our engineering team estimates that native MFA can be implemented in one release cycle (approximately4 weeks ).
This means that if a customer requires it, we can deliver native MFA support very quickly.