Avoiding 2nd MFA factor for ECP
cantor.2 at osu.edu
Tue Sep 11 19:22:32 EDT 2018
> Is there something in the profile configuration we could set/change to only do
> the password auth half?
It really depends how you're handling it to start with. I don't have MFA imposed for all apps, and our mobile app doesn't request or require MFA, so it doesn't think it should run Duo, and all is well.
> Should our MFA "next-step" script check for what profile is in use and signal
> "done" when the profile is ECP? (e.g. using
> profileRequestContext.getProfileId(), and matching it against...
> whatever the ECP ID is?)
You could if you have to for some reason, or more easily just test the isBrowserProfile method on ProfileRequestContext.
(Also, the non-browser Duo support is coming in 3.4, which I imagine you know.)
More information about the users