Enforce MFA for federated IDPs

Nate Klingenstein ndk at signet.id
Fri May 3 15:58:38 EDT 2019

> I don't think this is a good model. Preventing people from picking something is bad for the user experience and just leaves them not understanding why service A lets them choose something and B doesn't. Discovery should be consistent.

I understand your point, but the user's not getting in either way and a help desk call would be forthcoming.  Which model has the better chance of being routed to and answered by the right people is a toss-up to me.

Discovery today is anything but consistent.  It needed to be consistent, but that's a separate tragedy that we didn't do nearly enough about years ago.

More information about the users mailing list