Multiple authentication levels for a single application

Cantor, Scott cantor.2 at
Tue Sep 3 08:21:16 EDT 2019

On 9/2/19, 12:47 PM, "users on behalf of Guillaume Rousse" <users-bounces at on behalf of guillaume.rousse at> wrote:

> Whereas this behaviour is consistent with the MFA flow documentation, this seems quite cumbersome for something
> which looks like a trivial use case.

Lots of things look trivial until you actually implement them. Nothing about Duo or other single factor systems masquerading as MFA is trivial. With a true two factor system like RSA's (which is bad in a lot of other ways, but not in this particular way), the IdP would do it automatically, but the user would be entering a PIN and it would appear to be "prompting for the password again" anyway.

I don't think the script is particularly cumbersome either.
-- Scott

More information about the users mailing list