Okta Classic Engine | Multi-Factor Authentication | Answered
2025-10-04T09:05:57.000Z | 2024-08-27T13:11:08.000Z | 2024-08-29T05:00:40.000Z

a1urz (a1urz) asked a question.

Supporting MFA pass through with SAML with OKTA federating to Azure AD

We have an application that uses Okta Classic as its identity provider. Okta policies have been configured to enforce MFA. Currently customers who have federation enabled are getting challenged for credentials on their IDP and then getting challenged again by Okta for MFA.

 

How do we configure pass through MFA with SAML such that if the user is challenged with MFA by their IDP they are not challenged again on Okta?


  • User17157611498146715886 (Customer Support Online Community and Social Care)

    Hi @a1urz (a1urz), thank you for contacting Okta Community.

     

    In this instance, you could disable MFA on the Okta side through policies that allow users to sign into apps without being prompted for MFA. You can find more details on setting up sign-on policies here.

    However, this setup may not be possible for the Admin Console app. You can read more about that here or post a question for the upcoming Ask-Me-Anything event.

     

    If you have a paid account, you can suggest a new feature or improvement on the Okta Community page by going to the Community → Ideas tab. Features suggested in our community are reviewed and can be voted on and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and implemented.

    You can find more details here.

     

    Regards. 

    Ask Us Anything thru 9/3 Okta’s New MFA Requirement for Admin Console Access

     

  • a1urz (a1urz)

    Hi @User17157611498146715886 (Customer Support Online Community and Social Care), thanks for responding.

     

    Unfortunately we cannot remove the MFA off the Okta policy as the application is used by multiple customers and not all of them have federation enabled. As such, if it were to be removed on the policy then those customers would not be protected by MFA.

     

    Is there a way to do MFA passthrough in SAML with Okta similar to how it can be done with OIDC via the acr asserts?

     

This question is closed.