CSM login and MFA: enforce MFA for Contacts [customer_contact]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2025 05:22 AM
Hi,
currently on the CSM portal, Contacts [customer_contact] can log in without MFA. I would like to enforce MFA for them.
I updated up the OOTB Role based multi-factor authentication [multi_factor_criteria] (d427668b73003300fdbd04fbc4f6a7b6) by adding the snc_external, sn_esm_user roles but Contacts can still log in without MFA. I do not understand what configuration is missing/wrong.
Note:
- Internal users [sys_user] can log in with SSO. They do not need MFA.
- External users [sys_user] such as External consultants log in with MFA.
- if External users try to log in on the CSM portal, they are redirected to MFA successfully.
Best regards,
Maron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2025 05:46 AM
Hi @maronis
Have you enabled Multifactor Authentication field for the external users on user record?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2025 08:20 AM
Hi Raj92,
later on, I also checked the enable MFA on the user profile but it does not help.
Best regards,
Maronis

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2025 08:35 PM
Can you please confirm if the Adaptive authentication and multi-factor authentication system properties are turned on?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2025 07:00 AM - edited 04-04-2025 07:00 AM
Please use the Adaptive Authentication MFA context Policy.
it gives you the flexibility to craft your condition for various personas.