<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008KhNFxSANOkta Classic EngineSingle Sign-OnAnswered2025-03-03T09:02:23.000Z2018-09-12T16:52:12.000Z2018-09-14T20:13:05.000Z

bjgjo (bjgjo) asked a question.

September 12, 2018 at 4:52 PM
Assert MFA to SAML apps

We are trying to determine how to assert whether MFA was or was not used to a downstream SAML application. The use case is to support REFEDS (https://refeds.org/profile/mfa). Essentially we have both MFA and non-MFA users accessing the same application, and the application needs to know whether they used MFA or not to make further decisions.

 

It is possible to select one of several authentication context classes (AuthnContextClasRef)for SAML apps we create from scratch, but this does not have a REFEDS-compatible option (and does not allow user entry), and would not allow for per-user determination anyway.

 

How can Okta SAML apps comply with the REFEDS specification?

  • 3 answers
  • 1.36K views
5sx82 likes this.

  • stefan.pescaru1.4793088119572407E12 (Okta, Inc.)

    Hello,

     

    I have researched the matter internally and have confirmed that, at this point, Okta does not support the REFEDS AuthnContextClassRef.

    What I would recommend would be to to create a feature request in our community forums. You can do this by accessing https://support.okta.com/help/oktaideas and use the green button "Post an idea" on the right. Features suggested in our community are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests. From there, the PM team will review the top 30 most voted upon ideas each month and provide feedback/roadmap status on these via the forum.

     

    Stefan Pescaru

    Technical Support Engineer

    Okta Global Customer Care

    Expand Post

  • mike.davie1.5312945692819849E12 (Customer First Programs)

    Hello,

     

    Thanks for posting your inquiry in Okta Community Portal.

     

    If you really liked your answer, please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

     

    Thank you,

    Mike Davie

    Okta Help Center

    Expand Post
This question is closed.
Loading
Assert MFA to SAML apps