One of our clients requested a hybrid SecurID solution, where he needs to use MFA tokens (push to approve, biometrics, etc.) and ODA tokens (SMS and email) to challenge the users after they sign in to the SSO portal (through IDR). One group of users will be using MFA only and the others will be using ODA (SMS or email).
We have proposed the following:
IDR to be deployed in the DMZ, which will handle the SSO portal and SAML integration with the on-premise apps, with the MFA to be redirected to RSA CAS.
Authentication Manager to authenticate ODA users, and for on-premise SMS gateway integrations.
My question here: after integrating IDR with the AM, if a user sends an authentication request to the SSO portal, can the IDR distinguish whether this user should authenticate using MFA and redirect the request to RSA CAS, and, if another user requests authentication using ODA, redirect the request to the Authentication Manager?
Also, I would like to know if there would be two administration interfaces for such a solution, or whether the ODA users can be managed from the CAS?