Disable local login i.e. login.do for non-admin users which have SSO enabled

Dinesh90
Tera Contributor

Hello ServiceNow Community,

 

I have a requirement to disable local login, i.e. login.do, for non-admin users who have SSO enabled.

Please help me with a solution to restrict local login (login with username and password), that is login.do, for non-admin users, while still allowing admins and integration users to use local login.

I already have SSO enabled in the instance, and for that reason we want to restrict users from using local login (login.do).

Please help with a solution to implement this.

Thanks


Yes, in that case you can follow the approach suggested in the previous answers. The actual authentication happens at user.authenticate(username, password).

So your custom logic should go before this API call and return from there.

Creating a copy of the existing OOB installation exit (IE) would be better, for obvious reasons.

@Ambuj Tripathi : regarding the Post Authentication Policy Context.

I already have one available OOTB, but it is different from the one you are suggesting to update. Should I modify this one? I am not able to create a new one, as the New button is not available, even for admin.
In your post auth policy you have configured "allow policy" as the default one, but in this OOTB one it is set to "Deny policy". Should I change my post auth policy context and configure it like yours?

[Screenshots of the OOTB Post Authentication Policy Context and its policy]

Also, in the conditions below, can we add one more condition that includes the users for whom we have MFA configured and allow them local login? So here are the three conditions in total:

1. Allow admins to do local login as well as SSO.
2. Only allow SSO login to non-admins; restrict local login.
3. Allow local login to MFA-configured users.

Yes, you can change from the deny policy to the allow policy and vice versa. This operation will also change the default allow policy associated with the policy context.

From the (i) info icon of the policy you can open the policy, or go directly to the sys_authentication_policy table to update it.

Users with the admin role should be able to modify the policy. New context creation isn't allowed, so you need to modify the existing Post auth policy context only.

To modify the policy condition, you need to create the new policy criteria first and add it as a policy input in the above policy (please refer to the earlier attached screenshots). Then modify the policy condition and adjust it according to your use case.

Additionally, you need to enable the adaptive authentication feature property, glide.authenticate.auth.policy.enabled, and the policy associated with the above post auth policy context, to effectively enforce the policy.

@Ambuj Tripathi : Is there an option to add the condition below as well, to allow local login?
- Allow local login to MFA-configured users.

Hi @Ambuj Tripathi,

When I set the policy condition, hasAdminRole doesn't appear in the dropdown list. How can I get it to appear?