MFA for InCommon members

Cantor, Scott cantor.2 at osu.edu
Wed Jul 3 11:17:09 EDT 2019


On 7/3/19, 11:06 AM, "users on behalf of NAINI, NIKHIL" <users-bounces at shibboleth.net on behalf of NAINI at mailbox.sc.edu> wrote:

> Scott, thanks for the response, but the SP said it's not possible for him to tweak his metadata just for 1 University and a
> single application. 

I said nothing about metadata.

> Are there any other ways we can get this implemented? 

David gave you the answer, in reverse. Identify the service accounts that need to bypass MFA, and use the MFA rule scripting logic that's running the second factor method to remove the requirement for MFA for those accounts by removing the RequestedPrincipalContext from under the AuthenticationContext in the tree. By the time the rule runs to transition from Password to whatever else, the account identity is known.

-- Scott
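
The rule described in the reply above, sketched as an added example that is not part of the original message or of Shibboleth's own code. The `Ctx` and `MfaCtx` classes are minimal constructed stand-ins for the IdP context tree so the logic runs outside the IdP; the exempt account names and the second-factor flow id are assumptions.

```javascript
// Constructed stand-ins for the IdP context tree (not Shibboleth classes);
// only the calls the rule needs are modelled.
const REQ = "net.shibboleth.idp.authn.context.RequestedPrincipalContext";
const MFA = "net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext";
const SECOND_FACTOR_FLOW = "authn/SecondFactor";            // placeholder flow id
const MFA_EXEMPT = new Set(["svc-backup", "svc-monitor"]);  // hypothetical accounts

class Ctx {
  constructor() { this.subs = new Map(); }
  addSubcontext(name, ctx) {
    ctx.name = name; ctx.parent = this;
    this.subs.set(name, ctx);
    return ctx;
  }
  getSubcontext(name) { return this.subs.get(name) || null; }
  removeSubcontext(ctx) { if (ctx) this.subs.delete(ctx.name); }
}

class MfaCtx extends Ctx {
  constructor(activeResults) { super(); this.activeResults = activeResults; }
  // Acceptable when nothing specific is requested, or a completed result matches.
  isAcceptable() {
    const req = this.parent.getSubcontext(REQ);
    return req === null || req.requested.some(p => this.activeResults.includes(p));
  }
}

// Build a sample AuthenticationContext where only Password has completed.
function sampleAuthCtx(requested) {
  const authCtx = new Ctx();
  if (requested) authCtx.addSubcontext(REQ, new Ctx()).requested = requested;
  authCtx.addSubcontext(MFA, new MfaCtx(["password"]));
  return authCtx;
}

// Transition rule run after Password, when the account identity is known.
// Returns the next flow id, or null to finish without a second factor.
function nextFlowAfterPassword(authCtx, username) {
  if (MFA_EXEMPT.has(username)) {
    // Drop the requirement by removing the RequestedPrincipalContext.
    authCtx.removeSubcontext(authCtx.getSubcontext(REQ));
  }
  return authCtx.getSubcontext(MFA).isAcceptable() ? null : SECOND_FACTOR_FLOW;
}

console.log(nextFlowAfterPassword(sampleAuthCtx(["mfa"]), "alice"));      // second factor
console.log(nextFlowAfterPassword(sampleAuthCtx(["mfa"]), "svc-backup")); // null
```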
