Step-Up Authentication on SSO Providers side

C_K_1 · ‎03-15-2024

I know that I can enforce MFA since San Diego by using the Adaptive Authentication Plugin as already mentioned by @Randheer Singh in his excellent post.

I was wondering if there is any way to configure the step-up authentication on the Identity Providers/SSO side. Is there any existing documentation for such a scenario? We want to enforce MFA when a user has certain roles, but we want the SSO to do the job if possible.

Regards

Chris

Randheer Singh · ‎05-10-2024

Hi @C_K_1 ,
All modern IdPs provide the option to define policies at their end to enforce MFA for certain roles/groups at the time of login.

Are you looking for a different user experience to enforce MFA during a session when the user is actually using the high-privilegs roles to perform high-value/high-risk/privileged operation?

Thanks,

Randheer