- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 11:37 AM
Hello,
Has anyone setup additional types of authentication for the TPRM (Third-party risk management) vendor portal (/svdp)?
OOTB uses local accounts using the Vendor Contact records, and there's restrictions for these 3rd party vendor contacts to only access the vendor portal.
For example, any experience setting up MFA or other types of authentication, and if so, any tips on configuring that?
Thank you, Dan
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2024 07:11 AM
Hi @Dan Y25 ,
Yes, you can enforce MFA for vendor logins. You can use the adaptive authentication - MFA context policy to enforce this security control.
Here is the product documentation.
You can create a role filter criteria with the role(s) provided to vendor portal users.
Then, you can create an adaptive authentication policy and use this criterion. You can add a condition and associate the policy with the MFA context record.
For additional details, please refer to this 30-minute Adaptive Authentication course on NowLearning.
Thanks,
Randheer

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2024 08:13 AM
Hi @Dan Y25 .
I'm sorry, I was not explicit in saying you can NOT use the pre-auth context policy.
For your use case, you have to use the post-authentication context policy along with other protections like API access policies and session validation context policy (Available from the W release)
Thanks,
Randheer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2024 05:30 AM
Thank you, @Randheer Singh, for your reply.
The issue we have is that the 3rd party contacts will not pass the IP filter in order to attempt a login, and therefore I assume it will not reach the post-authentication context policy.
I assume this is not the first time for this scenario for the TPRM third party portal.
Any advice or suggestions? Or can you check with others?
Thanks again, Dan

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2024 08:13 AM
Hi @Dan Y25 .
I'm sorry, I was not explicit in saying you can NOT use the pre-auth context policy.
For your use case, you have to use the post-authentication context policy along with other protections like API access policies and session validation context policy (Available from the W release)
Thanks,
Randheer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2024 09:16 AM
Thank you for the clarifications. I heard some good feedback from our dev team that it's working. Next step is to review with the customer and try in some other environments.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2024 06:06 AM
Anyone have an answer for the above?