MFA Resources

Cantor, Scott cantor.2 at
Tue Jul 28 18:28:36 UTC 2020

On 7/28/20, 2:16 PM, "users on behalf of Mak, Steve" <users-bounces at on behalf of makst at> wrote:

>    This list has warned in the past and I will warn you as well.
>                idp.authn.flows= MFA|Duo|Password
>   This line is enabling a possible MFA bypass in your IdP.

That's correct, that documentation is wrong.

>    My IdP only has idp.authn.flows=MFA

Using the MFA feature generally involves enabling only that flow. In rare cases, when there are "other" methods unrelated to the MFA rules such as X.509 or SPNEGO, you might have them both active, but generally that's going to cause problems later and it's best to control the combination of options directly with the MFA feature.

-- Scott
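A check for the setting discussed in this thread, as an added example that is not part of the original messages and not Shibboleth's own code: it reads `idp.authn.flows` from properties text and reports factor flows that are enabled directly alongside `MFA`. The list of flow names, the set of factors the MFA flow orchestrates (Password and Duo, taken from the quoted line), and whole-name regular-expression matching are assumptions to adjust per deployment.

```python
import re

# Assumption: factors the MFA flow orchestrates at this site (from the thread).
MFA_FACTORS = {"Password", "Duo"}
# Assumption: flow names to test against the configured expression.
KNOWN_FLOWS = ["MFA", "Password", "Duo", "X509", "SPNEGO",
               "IPAddress", "RemoteUser", "External"]

def read_property(text, key="idp.authn.flows"):
    """Return the last uncommented value of key in Java-properties text."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        name, sep, rest = line.partition("=")
        if sep and name.strip() == key:
            value = rest.strip()
    return value

def enabled_flows(expr):
    """Flows whose whole name matches expr (assumed matching behaviour)."""
    pattern = re.compile(expr)
    return [f for f in KNOWN_FLOWS if pattern.fullmatch(f)]

def audit(text):
    """Return (enabled, direct_factors, other_methods) for properties text.

    direct_factors: MFA factors that are also selectable on their own,
    which is the condition the thread warns about.
    other_methods: non-factor flows active beside MFA (e.g. X509, SPNEGO).
    """
    expr = read_property(text)
    if expr is None:
        return [], [], []
    flows = enabled_flows(expr)
    if "MFA" not in flows:
        return flows, [], []
    direct = [f for f in flows if f in MFA_FACTORS]
    other = [f for f in flows if f != "MFA" and f not in MFA_FACTORS]
    return flows, direct, other

if __name__ == "__main__":
    # Constructed sample inputs; the first is the line quoted in the thread.
    for sample in ("idp.authn.flows= MFA|Duo|Password",
                   "idp.authn.flows=MFA",
                   "idp.authn.flows = MFA|X509"):
        print(sample, "->", audit(sample))
```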
