# Application Security ### User Interfaces Mago is a cloud-based platform which can be accessed via native apps (Mago for Windows / Android), mobile (Mago App for iOS and Android), and web interface through a number of popular web browsers on both desktop and mobile (Mago App for web, Mago Admin Center). The Mago software consumes a REST API provided by our Mago API Service which is credential secured over TLS 1.2. All communication with the REST API, and our IIS services, are over TLS (port 443) with 2048-bit asymmetric encryption and 256-bit symmetric encryption. The Hubs are authenticated on our servers using a 4 step authentication process with SASL. All inbound and outbound data from our backend layer is encrypted and transmitted over TLS with 2048-bit asymmetric encryption and 256-bit symmetric encryption using certificates from third party credited authorities. Network communication is protected using the latest in technology to secure all your video, audio and data. Using the TLS cryptography protocol, previously referred to as SSL, we provide protection using a 2048-bit asymmetric key in conjunction with a 256-bit symmetric session key. More information on ports used can be found within this document. ### User Authentication Mago offers two different authentication methods to its Cloud users: * Basic username and password authentication * Third-party Identity Provider authentication (OAuth 2.0) #### Basic Authentication The Basic authentication requires a valid email address that undergoes an initial verification process through a confirmation email, and a password that must match our strong password policy. #### Third-party Identity Providers Alternatively, Mago supports the following third-party identity providers: Google, Microsoft, Apple. Authentication with third-party identity providers is made via a secure OAuth 2.0 process. Mago has obtained app marketplace / app store certification from all the supported third-party identity providers. #### Multi-Factor Authentication Mago users can add an additional security layer by activating the Multi-Factor Authentication. Mago currently supports MFA via Authenticator App OTC, Email OTC, SMS OTC. #### SSO (On-prem deployment only) Enterprise On-premises accounts can set up SAML-based SSO giving their team members access to Mago Server through an identity provider (idP) of their choice. A SAML 2.0 ldP like Azure AD can be chosen to set up authentication within your secure network. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kb.mago.io/tech-docs/security/application-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.