Portal Multi-Factor Policy to Allow Multiple Rule-Sets
Portal Multi-Factor Policy Enhancements
Currently in our version of CAS, IDR Software Version: 22.214.171.124.4, the Portal Multi-Factor policy (System Policy) does not allow for multiple rule sets and the only Target Audience is All Authenticated Users.
We have a process where enrolling into our MDM, user would need to access the MDM via a non-trusted network. If there was the ability to Target these one-off via AD group, users to allow MFA Bypass during the MDM enrollment and remove them post enrollment would be ideal for the organization.
Currently I see no other way either by leveraging ODA, which often these are new user with no ODA enrollment of the Emergency Token feature.
Is there a configurable way to bypass the MFA for the enrollment as the Portal MFA policy overrides the Application policy which does allow for this workflow.
- Cloud Auth
- Cloud Authentication
- Cloud Authentication Service
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
For the enhancement request, please add your request to our ideas page which can be found here https://community.rsa.com/community/products/securid/ideas
In the interim, a potential solution might be to configure your MDM solution to integrate with our cloud IDP. This would bypass the portal and allow you to do group-based access control independent of your portal policy.
It looks like you may be using RSA SecurID Access for SSO access to Office365. The cloud IDP may not be a viable solution since authentication into Intune is pretty much "hitched" to the overall Office365 authentication process.
Please reach out to me (Randy Belbin) and Stephen Coltart directly and let's set up a time to work through some options.