Enterprises can control user access to enterprise applications, such as web applications, by authenticating users via user credentials, such as a username and password. Enterprises may wish to provide a more secure environment by implementing strong authentication, also known as second-factor authentication. Second-factor authentication requires a user to provide additional evidence of who they are, for example, via a one-time password (OTP), a digital certificate (e.g., public key infrastructure (PKI) certificate), a fingerprint, etc.
Traditionally, enterprises develop proprietary application programming interfaces (APIs) to integrate a strong authentication service provider into an existing application infrastructure. In addition, enterprises must modify existing front-end application user interfaces and back-end database schemas to support second-factor authentication. For example, for an enterprise that wishes to integrate second-factor authentication via digital certificates into an existing architecture, the enterprise must change an existing database schema and add application logic to determine whether users have PKI certificates, verify the PKI certificates, provision PKI certificates, etc. Such a change to existing enterprise architecture is often time-consuming and may require additional development resources and add overhead to the enterprise application.