Multiple authentication levels for a single application
cantor.2 at osu.edu
Tue Sep 3 08:21:16 EDT 2019
On 9/2/19, 12:47 PM, "users on behalf of Guillaume Rousse" <users-bounces at shibboleth.net on behalf of guillaume.rousse at renater.fr> wrote:
> Whereas this behaviour is consistent with the MFA flow documentation, this seems quite cumbersome for something
> which looks like a trivial use case.
Lots of things look trivial until you actually implement them. Nothing about Duo or other single factor systems masquerading as MFA is trivial. With a true two factor system like RSA's (which is bad in a lot of other ways, but not in this particular way), the IdP would do it automatically, but the user would be entering a PIN and it would appear to be "prompting for the password again" anyway.
I don't think the script is particularly cumbersome either.
More information about the users