Enforce MFA for federated IDPs
Nate Klingenstein
ndk at signet.id
Fri May 3 15:58:38 EDT 2019
> I don't think this is a good model. Preventing people from picking something is bad for the user experience and just leaves them not understanding why service A lets them choose something and B doesn't. Discovery should be consistent.
I understand your point, but the user's not getting in either way and a help desk call would be forthcoming. Which model has the better chance of being routed to and answered by the right people is a toss-up to me.
Discovery today is anything but consistent. It needed to be consistent, but that's a separate tragedy that we didn't do nearly enough about years ago.
More information about the users
mailing list