An architecture for providing multi-factor authentication as a service in a mobile environment is proposed, resting on the principle of a loose coupling and separation of duties between network entities and the end user devices. The multi-factor authentication architecture leverages Identity Federation and Single-Sign-On technologies, such as the OpenID framework, in order to provide for a modular integration of various factors of authentication. The architecture is robust and scalable in order to support any number of authentication factors, which may be executed dynamically according to service providers’ authentication policies. Additionally, the architecture provides for the mapping of defined assurance level requirements posed by service providers, to concrete authentication factors, taking into account the varied authentication capabilities of users’ devices.