Concern About MFA Enforcement for SSO Users After Yokohama Update

E555
Tera Guru

I believe this question may have already been answered, but I’d like to double-check just to be safe!

After the Yokohama update, we’ve noticed that an MFA info message is being displayed even for users logging in via SSO.

According to the following knowledge article, I understand that MFA enforcement should not apply to users who authenticate through SSO (e.g., SAML, OIDC, Certificate-Based Authentication):

KB1709783 - Is MFA required for Single-Sign-On (SSO) logins?

“No. With the default secure MFA policy, MFA is not required for SSO (SAML, OIDC, Certificate Based Authentication etc.) logins.”

We’ve managed to hide the MFA info message using the following settings:

  • glide.authenticate.multifactor.enforcement.show_user_info_message

  • glide.authenticate.multifactor.enforcement.acknowledged

However, I’m still concerned because this message was shown to SSO users, which makes me question whether MFA enforcement might still apply to them after the 30-day grace period.

Could anyone confirm that SSO users will not be subject to forced MFA enforcement after the 30 days, despite the info message being shown?

Thanks in advance for your help!

1 ACCEPTED SOLUTION

Randheer Singh
ServiceNow Employee

Hi @E555 
The MFA enforcement message with SSO logins will only appear for users with admin roles. This is to ensure that one of the admins acknowledges the change. Once the enforcement message is acknowledged by one of the admins, it will not appear on any SSO logins.

With the default secure policy, MFA will only be enforced for ServiceNow local username and password-based authentication and LDAP authentication.

Thanks,

Randheer

2 REPLIES

Hi Randheer,

Thank you for the info! Does it affect portal users?

Thanks

Rini