Passport is an Identity Management System. It is the repository of all users of the Motionite system. Before any user or service can communicate with an aspect of Motionite, that entity needs to prove its identity with Passport. It uses IdentityServer4 to ensure the highest level of security.
Traditional systems, like a single secured website, typically have a login page. The website would collect the user's credentials and verify them against a datastore. The website would then control access to its resources based upon that user information.
The traditional method will work for small deployments but it does not scale well.
Instead of each service managing its own identity, a better approach is to have a centralised service. Then, instead of passing user credentials between services, we can pass tokens. Tokens have the benefit of being valid only for a short period of time, and of being transparent.
For a website to authenticate a user with Passport, the website will redirect the browser to the Passport login page. Here the user can enter their credentials securely. Upon a successful login, the browser will redirect back to the original website and return the Token. The website will then use the Token to determine its security needs. If the browser navigates to another website governed by Passport, then the same Token will be used with that website.
Lots of articles have been written on OAuth and OpenID Connect. Here are just a few if you are interested:
Two-Factor Authentication is available in Passport. It can be activated by the individual user through the Passport Web Portal, or alternatively carried out by an MView Operator within MView. In either case an authenticator app is required. This will be configured with the secret key determined by Passport (by QR Code or by manually entering a key). From then on the user will be required to enter their username and password credentials as well as the authentication code generated by the authenticator app whenever they sign in.
Examples of authenticator apps: