c5gm8 (c5gm8) asked a question.
I've read through the documentation and haven't tried to do this yet, but wanted to check here first. I am needing to implement YubiKey and an alternative MFA option (some employees have YubiKeys, others won't, some will have one but can only have access to use it in certain situations, so that is why I need at least two options). The tricky part I can see is that we need the ability to make these two options simultaneously available for an account. For example, an employee might have an at-home computer they can use a YubiKey with, but might also have additional shared computers on-site among other employees so would need to use a different MFA method.
Is this feasible (and safe security-wise)? If so, are there any docs that I can learn more about implementing this?
Thanks!
When a user's account is enrolled in multiple factor types, the MFA prompt incorporates a drop-down list, from which the user may select any enrolled factor, every time.
Note that some factor types may not be available in certain situations. For example, the U2F Security key works only with Chrome and Firefox browsers (at this time), and so cannot be used when authenticating through Okta via the Cisco ASA VPN client.