AnsweredAssumed Answered

Portal Multi-Factor Policy to Allow Multiple Rule-Sets

Question asked by BIlly Stanfield on Sep 3, 2020
Latest reply on Sep 4, 2020 by BIlly Stanfield

Like • Show 0 Likes0
Comment • 4

Portal Multi-Factor Policy Enhancements

Currently in our version of CAS, IDR Software Version: 12.9.0.0.4, the Portal Multi-Factor policy (System Policy) does not allow for multiple rule sets and the only Target Audience is All Authenticated Users.

We have a process where enrolling into our MDM, user would need to access the MDM via a non-trusted network. If there was the ability to Target these one-off via AD group, users to allow MFA Bypass during the MDM enrollment and remove them post enrollment would be ideal for the organization.

Currently I see no other way either by leveraging ODA, which often these are new user with no ODA enrollment of the Emergency Token feature.

Is there a configurable way to bypass the MFA for the enrollment as the Portal MFA policy overrides the Application policy which does allow for this workflow.

Attachments

2020-09-03 14_46_55-RSA SecurID Access.png37.5 KB

No one else has this question

Outcomes

Randy Belbin

Sep 3, 2020 4:00 PM

Hi Billy,

For the enhancement request, please add your request to our ideas page which can be found here RSA Ideas for RSA SecurID Access

In the interim, a potential solution might be to configure your MDM solution to integrate with our cloud IDP. This would bypass the portal and allow you to do group-based access control independent of your portal policy.

Actions

BIlly Stanfield @ Randy Belbin on Sep 3, 2020 4:33 PM

Thanks Randy, I’ll look to see if there is any Intune integration with RSA.

Sent from Outer Internets

Actions

Randy Belbin

@ BIlly Stanfield on Sep 3, 2020 6:23 PM

My pleasure!

It looks like you may be using RSA SecurID Access for SSO access to Office365. The cloud IDP may not be a viable solution since authentication into Intune is pretty much "hitched" to the overall Office365 authentication process.

Please reach out to me (Randy Belbin) and Stephen Coltart directly and let's set up a time to work through some options.

Actions

BIlly Stanfield @ Randy Belbin on Sep 4, 2020 6:33 AM

Hi Randy, I have a WS-Federation Office365 Direct STS Configured in Production. RSA is providing Authentication via SSO and MFA.

Actions

4 Replies

Randy Belbin Sep 3, 2020 4:00 PM
Mark Correct
Correct Answer
Hi Billy,

For the enhancement request, please add your request to our ideas page which can be found here RSA Ideas for RSA SecurID Access

In the interim, a potential solution might be to configure your MDM solution to integrate with our cloud IDP. This would bypass the portal and allow you to do group-based access control independent of your portal policy.
Like • Show 1 Like1
Actions
- BIlly Stanfield @ Randy Belbin on Sep 3, 2020 4:33 PM
  Mark Correct
  Correct Answer
  Thanks Randy, I’ll look to see if there is any Intune integration with RSA.
  
  Sent from Outer Internets
  Like • Show 0 Likes0
  Actions
  - Randy Belbin @ BIlly Stanfield on Sep 3, 2020 6:23 PM
    Mark Correct
    Correct Answer
    My pleasure!
    
    It looks like you may be using RSA SecurID Access for SSO access to Office365. The cloud IDP may not be a viable solution since authentication into Intune is pretty much "hitched" to the overall Office365 authentication process.
    
    Please reach out to me (Randy Belbin) and Stephen Coltart directly and let's set up a time to work through some options.
    Like • Show 0 Likes0
    Actions
    - BIlly Stanfield @ Randy Belbin on Sep 4, 2020 6:33 AM
      Mark Correct
      Correct Answer
      Hi Randy, I have a WS-Federation Office365 Direct STS Configured in Production. RSA is providing Authentication via SSO and MFA.
      Like • Show 0 Likes0
      Actions

Portal Multi-Factor Policy to Allow Multiple Rule-Sets

Attachments

Outcomes

Related Content

Recommended Content