18.1 Security policies | Application-level & feature security | Multi-factor authentication policies

Application-level security
Application-level security focuses on protecting the application from outsiders and unauthorized users. For example, with application-level security you:

Reduce the risk of unauthorized users getting into or stealing data from your application
Identify authorized users who need access to the application
Create password and authentication policies
Application-level security considers all the ways you can protect the application, such as using third-party security tools or setting up multi-factor authentication. The goal of application-level security is to make it impossible for non-authorized users to break into, read, or otherwise access your application.

Feature security
Feature security focuses on the application by determining the case types, features, and data that authorized users can or cannot access. For example, with feature security you:

Set up security roles for personas identified in each case type so that authorized users can access the application features they need
Prevent users from viewing features or accessing data to which they should not have access
Design role-based access control (RBAC), attribute-based access control (ABAC), and client-based access control (CBAC)

Two-factor authentication is a subset of multi-factor authentication, in which users provide two pieces of evidence at login.