Avoiding 2nd MFA factor for ECP

Cantor, Scott cantor.2 at osu.edu
Tue Sep 11 19:22:32 EDT 2018

> Is there something in the profile configuration we could set/change to only do
> the password auth half?

It really depends how you're handling it to start with. I don't have MFA imposed for all apps, and our mobile app doesn't request or require MFA, so it doesn't think it should run Duo, and all is well.

> Should our MFA "next-step" script check for what profile is in use and signal
> "done" when the profile is ECP?  (e.g. using
> profileRequestContext.getProfileId(), and matching it against...
> whatever the ECP ID is?)

You could if you have to for some reason, or more easily just test the isBrowserProfile method on ProfileRequestContext.

(Also, the non-browser Duo support is coming in 3.4, which I imagine you know.)

-- Scott

More information about the users mailing list