Avoiding 2nd MFA factor for ECP
Christopher Bongaarts
cab at umn.edu
Tue Sep 11 16:55:55 EDT 2018
Currently, ECP doesn't work with our MFA setup (the old pre-3.3 Duo
module with initial password auth). While we're in the process of
migrating to the shipped 3.3 Duo support, I was wondering what the
"best" way would be to avoid triggering the Duo step once we start
requiring it for more users for the usual browser profiles.
Is there something in the profile configuration we could set/change to
only do the password auth half?
Should our MFA "next-step" script check for what profile is in use and
signal "done" when the profile is ECP? (e.g. using
profileRequestContext.getProfileId(), and matching it against...
whatever the ECP ID is?)
Something else I'm not considering?
Thanks,
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list