MFA for only certain users?

Jeffrey Williams jfwillia at uncg.edu
Mon Oct 28 14:44:20 EDT 2019


Hi Melvin,

UNCG has an opt-in MFA program using Duo.  We implemented a single login
flow that programmatically determined whether the user was enrolled and, if
so, presented the user the Duo MFA pane.  We followed the example given here
pretty closely:

https://wiki.shibboleth.net/confluence/display/IDP30/MultiFactorAuthnConfiguration#MultiFactorAuthnConfiguration-ProgrammaticallySelectingFlows

The LDAP environment we authenticate against has a group of all the MFA
users and Shibboleth checks for that group in the user's memberOf attribute.

Hope this helps.

On Mon, Oct 28, 2019 at 2:33 PM Melvin Lasky <melvin.lasky at manhattan.edu>
wrote:

> Hey all,
> Can anyone point me in a direction where I can enable an MFA flow for only
> certain users? We are looking to put MFA (Duo) up for a certain subsection
> of our population.
>
> Thanks for any help you can give.
>
> Have a great day!
>
> *Melvin Lasky*
> *Associate Director of Enterprise Architecture*
>
>
>
>
> Riverdale, NY 10471
> Phone: 718-862-7410
> melvin.lasky at manhattan.edu
> www.manhattan.edu



-- 
Jeffrey Williams
Identity Engineer
Identity & Access Services
https://its.uncg.edu
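
A sketch of the approach described in the message above, added here as an example; it is not UNCG's configuration and is not part of the original post. It adapts the pattern from the linked wiki page for an IdP v3 `conf/authn/mfa-authn-config.xml`. The attribute id `memberOf` (as defined in the attribute resolver) and the group DN are assumptions and placeholders.

```xml
<!-- Added example: password first, then Duo only for members of an LDAP group. -->
<util:map id="shibboleth.authn.MFA.TransitionMap">
    <!-- Everyone starts with the password flow. -->
    <entry key="">
        <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/Password" />
    </entry>
    <!-- After a successful password login, a script decides whether Duo runs. -->
    <entry key="authn/Password">
        <bean parent="shibboleth.authn.MFA.Transition" p:nextFlowStrategy-ref="checkSecondFactor" />
    </entry>
</util:map>
<bean id="checkSecondFactor" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
      p:customObject-ref="shibboleth.AttributeResolverService">
    <constructor-arg>
        <value>
        <![CDATA[
            // Placeholder: DN of the LDAP group that holds MFA-enrolled users.
            var mfaGroup = "cn=MFA-GROUP-PLACEHOLDER,ou=groups,dc=example,dc=edu".toLowerCase();
            var nextFlow = "authn/Duo";
            var authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
            var mfaCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext");
            // If the password result alone cannot satisfy the request (the SP asked
            // for MFA), keep Duo. Otherwise require Duo only for group members.
            if (mfaCtx.isAcceptable()) {
                var resCtx = input.getSubcontext(
                    "net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext", true);
                var Lookup = Java.type("net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy");
                resCtx.setPrincipal(new Lookup().apply(input));
                // Assumes the attribute resolver defines an attribute with id "memberOf".
                resCtx.getRequestedIdPAttributeNames().add("memberOf");
                resCtx.resolveAttributes(custom);
                var attribute = resCtx.getResolvedIdPAttributes().get("memberOf");
                var enrolled = false;
                if (attribute != null) {
                    var values = attribute.getValues();
                    for (var i = 0; i < values.size(); i++) {
                        // Compare group DNs case-insensitively.
                        if (String(values.get(i).getValue()).toLowerCase() == mfaGroup) { enrolled = true; }
                    }
                }
                // Fails open: if memberOf does not resolve, the user is not sent to Duo.
                if (!enrolled) { nextFlow = null; }
                input.removeSubcontext(resCtx);
            }
            nextFlow;
        ]]>
        </value>
    </constructor-arg>
</bean>
```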