Menu
▾
▴
Re: [Unity-idm-discuss] Enforcing MFA for users in a specific group
|
From: Sander A. <sa....@fz...> - 2023-07-06 10:06:29
|
Hi Krzysztof, I already assumed, that it is not possible. Thanks for the information. Best regards, Sander On Thu, 2023-07-06 at 11:57 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 5.07.2023 o 13:15, Sander Apweiler pisze: > > Hi Krzysztof, hi Roman, > > we have a group in our instance who asked if it is possible to > > enforce > > MFA for all their members. I know unity can enforce MFA on a > > specific > > endpoint/realm, but I don't know a possibility to enforce it to > > users > > from a specific group. Can you confirm this or explain how it would > > work? > > Unfortunately it is not supported. Of course you can enable "MFA > user > opt in" for all group users, but that can't be automated (and so will > require additional action when a new user is added). > > An improved solution would be to make management of the MFA opt in > also > possible using a regular attribute. Then one would be able to setup > attribute statement on the root group to set this MFA opt in to true > for > all members of a given group (or basing on any other condition). But > this will require additional MFA policies too, and we need a chain of > decisions what happens in case of conflicts (e.g. user of that group > has > no 2F credential or unset her MFA opt-in). Most likely a more > sophisticated policies in authN flows would be needed as well. > > Best, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
