Datawiza Blog, Technical, December 5, 2025

Add MFA Without an IdP: A Faster, Simpler Way to Secure Any Application

Multi-Factor Authentication (MFA or 2FA) has become table stakes for cybersecurity. Regulations such as NYDFS 500, NIS2, CMMC, PCI DSS v4.0, and others increasingly mandate MFA or 2FA across all applications — customer-facing portals, agent/broker systems, supplier portals, and internal legacy tools.

Yet many applications still rely on simple username-and-password authentication and cannot integrate with a modern Identity Provider (IdP). Some organizations do have IdPs (Okta/Auth0, Entra ID, Ping, Amazon Cognito, etc.), but the apps can’t connect. Others don’t want to use an IdP for certain portals.

This creates a common question:

How do you add MFA to an application that wasn’t designed for it — and without deploying a full IdP?

This is exactly what Datawiza solves.

With Datawiza, you can add MFA to any web application — without an IdP, without modifying the application, and without changing your existing login flow.

Why Adding MFA Can Be Hard (Even If You Have an IdP)

Identity Providers (IdPs) are powerful — and both workforce IAM (Okta, Entra ID, Ping) and CIAM platforms (Auth0, AWS Cognito, Entra External ID) can enable MFA.

But they all require one thing:

Your application must support modern protocols like OIDC, OAuth, or SAML.

That’s where most real-world problems begin.

Many applications simply can’t integrate with an IdP. Examples include:

  • Legacy portals built 10–20+ years ago
  • Applications using local SQL user tables
  • Custom-built internal apps
  • Vendor systems that cannot be modified
  • Older frameworks with proprietary login flows

Rewriting these apps or migrating them to an IdP can take months — or isn’t possible at all.

Why Some Organizations Still Don’t Want to Use an IdP for Certain Apps

Even when companies do have IdPs (including CIAM options), they often choose not to use them for specific portals. Common reasons include:

1. The cost model doesn’t fit

User-based or MAU-based licensing for CIAM IdPs can be expensive, especially for:

  • Large customer bases
  • Brokers/agents
  • Suppliers and vendors

Sometimes the organization “just needs MFA” — not a full CIAM investment.

2. The application would require major refactoring

Many operational portals cannot be altered:

  • Codebase is too old
  • Vendor will not support changes
  • Risk of breaking business workflows is too high

Connecting them to an IdP is not practical.

3. The organization wants to keep the existing login experience

Some industries (insurance, financial services, manufacturing) have portals where:

  • The username/password flow is deeply embedded
  • Users are comfortable with the current experience
  • Changing the login page would require retraining or vendor coordination

A light layer of MFA — without rewriting the app — is preferred.

4. Procurement, compliance, or data residency slows IdP adoption

Even if CIAM is a good long-term solution, rolling it out can take:

  • Months of legal review
  • Architecture approval
  • Procurement cycles
  • Data residency validation

But MFA requirements are immediate.

5. The business wants a simpler, faster approach

In many cases, the fastest and lowest-risk option is: Add MFA directly in front of the app — no IdP involved.

How Datawiza Adds MFA Without an IdP

Datawiza acts as a modern authentication layer in front of your application — without changing the application, its code, or its login method.

How it works

  1. A user accesses the portal as usual
  2. The application receives the same username/password it expects
  3. Datawiza intercepts the login request after the successful first-factor login
  4. Datawiza prompts for MFA
  5. After successful MFA, the request is forwarded to the application

No IdP. No protocol changes. No refactoring.
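To make steps 3 to 5 concrete, here is an added Python sketch of the gate logic a reverse proxy in front of the app would run; it is an illustration, not Datawiza's own code. It assumes the application signals a successful first factor with a 302 plus a session cookie, that the gate holds that cookie until a TOTP code (RFC 6238) verifies, and that the per-user TOTP seeds, the session store and the attempt limit are all constructed placeholders.

```python
import base64, hashlib, hmac, struct

TOTP_STEP = 30     # RFC 6238 defaults: 30 s step, 6 digits, HMAC-SHA1
TOTP_DIGITS = 6

def totp(secret_b32: str, unix_time: int) -> str:
    """Compute the RFC 6238 TOTP code for a base32 seed at a given time."""
    key = base64.b32decode(secret_b32, casefold=True)
    msg = struct.pack(">Q", unix_time // TOTP_STEP)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** TOTP_DIGITS:0{TOTP_DIGITS}d}"

class MfaGate:
    """Gate session states: absent -> 'needs_mfa' -> 'verified'."""
    def __init__(self, secrets: dict, max_attempts: int = 5):
        self.secrets = secrets          # username -> base32 seed (assumed store)
        self.sessions = {}              # gate session id -> state (assumed store)
        self.max_attempts = max_attempts

    def on_app_response(self, sid, username, status, app_cookie):
        """Step 3: the app accepted username/password. Hold the app's session
        cookie so the browser only receives it after MFA succeeds."""
        if status == 302 and app_cookie:
            self.sessions[sid] = {"user": username, "state": "needs_mfa",
                                  "held_cookie": app_cookie, "attempts": 0}
            return "prompt_mfa"
        return "pass_through"           # e.g. a failed login: let the app handle it

    def verify(self, sid, code: str, now: int) -> bool:
        """Step 4: accept a code from the current or an adjacent 30 s step,
        with constant-time comparison and a bounded number of attempts."""
        s = self.sessions.get(sid)
        if not s or s["state"] != "needs_mfa":
            return False
        s["attempts"] += 1
        if s["attempts"] > self.max_attempts:
            del self.sessions[sid]      # too many tries: force a fresh login
            return False
        seed = self.secrets[s["user"]]
        ok = any(hmac.compare_digest(totp(seed, now + d).encode(), code.encode())
                 for d in (-TOTP_STEP, 0, TOTP_STEP))
        if ok:
            s["state"] = "verified"
        return ok

    def route(self, sid):
        """Step 5: forward verified sessions (releasing the held app cookie);
        sessions awaiting MFA go back to the prompt; unknown sessions reach
        the app's own login page unchanged."""
        s = self.sessions.get(sid)
        if s is None:
            return "forward_to_app", None
        if s["state"] == "verified":
            return "forward_to_app", s["held_cookie"]
        return "mfa_prompt", None
```

Holding the application's cookie at the gate is the detail that matters: if the browser received it at step 3, a client could skip the MFA prompt by replaying it directly.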

Supported MFA methods (built-in)

  • Email OTP
  • SMS OTP
  • TOTP (Google Authenticator, Authy, etc.)
  • WebAuthn / FIDO2

You get modern MFA instantly — without the weight of a CIAM or IAM platform.

Deployment is simple: just a DNS cutover

  1. Deploy Datawiza (SaaS, VM, or container)
  2. Set your application’s IP address
  3. Update DNS from portal.example.com → Datawiza

Done. MFA is live.

Where This Is Most Valuable

Customer portals

Add MFA without disrupting existing user databases.

Agent/Broker portals

Meet NYDFS, NIST, and NIS2 MFA requirements instantly.

Supplier / Vendor portals

Protect external users accessing sensitive systems.

Legacy internal applications

Secure apps that cannot be modernized or rewritten.

Custom-built business apps

No need to retrofit SAML/OIDC into old codebases.

Key Benefits

✔ Add MFA to any application — without rewriting code
✔ No IdP required (but compatible with IdPs if added later)
✔ Deploy in minutes with a simple DNS cutover
✔ Meet regulatory requirements fast
✔ Keep your existing login experience
✔ Lower cost vs re-platforming into CIAM
✔ Zero disruption to users or IT workflows

Real-World Example

A large insurance company needed to enforce MFA on a customer claims portal using a legacy SQL credential store. The portal could not be modified, and CIAM adoption would take months.

With Datawiza, they deployed MFA in one day — without touching the application code and without rolling out a new IdP.

Conclusion: MFA Without an IdP Is Not Only Possible — It’s Often the Best Approach

Identity Providers are powerful, but they’re not always the fastest or most practical way to secure legacy or externally facing applications. Datawiza gives organizations a flexible, lightweight, and immediate way to enforce MFA everywhere — even when IdP integration is impossible, undesired, or too costly.

Add MFA in minutes, not months. No rewrites. No IdP. No disruption.

Book a demo or contact us to learn how to modernize authentication for your apps — fast, secure, and without rewrites or an IdP.
