While setting up my access to the SailPoint Developer Community forum, I was able to configure MFA - using the MFA service of my choice.
I elected to use Okta and configuration was easy.
It would be helpful to have a similar MFA option for IdentityNow to replace or extend the Strong Authentication configuration available on Identity Profiles - and not require specific integration support (where not required) as provided for by Duo etc.
I am unclear what architectural issues would need to be overcome to support say Okta or Google MFA, but believe that supporting these services would make life simpler - at least for the Admin community.
@adrianhannen this is a great question! I'm going to have someone from our product team step in and give a more specific answer, but in the interim you'll be happy to know that we are launching an Aha! Ideas portal specifically for developers like you to request features, see and vote on other feature requests, and get feedback in real time.
In the meantime, forget to subscribe to the Announcements channel for any announcements coming from out that you might be interested in. Don't worry, we keep our announcements technical and only related to developers - no marketing
Hey Adrian, Thanks for the suggestion. We're actually in the process of evaluating new and better ways of integrating with MFA vendors. Ensuring ease of configuration and intuitive user experience are top areas of focus for this initiative. We aren't far enough to share details just yet, but we'll share as soon as we can. Thanks again,
Hi Trey, That is great to hear. It was the experience of configuring MFA for access to this forum that prompted the suggestion - I thought it worked well.
Are you able to share anything at this time now? We are looking to switch from DUO to MS Authenticator MFA for strong authentication. I cannot find any information that an integration for MS Authenticator MFA exists. Hopefully you can provide an update, and/or point me to some information on the subject.
I wanted to touch base with everyone on this ask. We are looking to deprecate strong auth for admin step up in lieu of using MFA at login.
* MFA on login uses the "TOTP" standard for authentication.
* That means that users can use the Google Authenticator, the Microsoft Authenticator, along with a huge number of other companies which provide TOTP apps.
Strong auth as it currently stands will remain for password reset only, and does not currently support TOTP.
Let me know if this makes sense or if you have further questions. Thanks!
That will be great that you will be finally supporting TOTP!
How customizable will this be? Is it a global feature, or can it be only for Admin step-up?
A lot of organisations don't want to burden all users with MFA, and only require it for Admins.
The ability to configure TOTP for login has been available for about a year now and can be enabled by identity profile. Just select MFA for sign-in method and you can use whichever method you prefer. As far as deprecating strong auth for admin, we're very close to being able to roll out.
What is the latest update on this, @colin_mckibben? Do we need to submit a new idea for this to make something of it because we have clients asking for this pretty much every day.
Hey Tyler,
I am looking to have certain admin roles step up auth when they access IdentityNow. Am I correct that this would mean that we would need those admins assigned to a different Identity Profile as a source for those users?
Are there any plans for an ability to trigger MFA based off Admin roles as an alternative?
-Tyson