MFA for Incommom members

Cantor, Scott cantor.2 at
Wed Jul 3 11:17:09 EDT 2019

On 7/3/19, 11:06 AM, "users on behalf of NAINI, NIKHIL" <users-bounces at on behalf of NAINI at> wrote:

> Scott, thanks for the response, but the SP said it's not possible for him to tweak his metadata just for 1 University and a
> single application. 

I said nothing about metadata.

> Are there any other ways we can get this implemented? 

David gave you the answer, in reverse. Identify the service accounts that need to bypass MFA, and use the MFA rule scripting logic that's running the second factor method to remove the requirement for MFA for those accounts by removing the RequestedPrincipalContext from under the AuthenticationContext in the tree. By the time the rule runs to transition from Password to whatever else, the account identity is known.

-- Scott

More information about the users mailing list