MFA Services for IdentityNow

While setting up my access to the SailPoint Developer Community forum, I was able to configure MFA - using the MFA service of my choice.

I elected to use Okta and configuration was easy.

It would be helpful to have a similar MFA option for IdentityNow to replace or extend the Strong Authentication configuration available on Identity Profiles - and not require specific integration support (where not required) as provided for by Duo etc.

I am unclear what architectural issues would need to be overcome to support say Okta or Google MFA, but believe that supporting these services would make life simpler - at least for the Admin community.

Regards, Adrian

4 Likes

@adrianhannen this is a great question! Iā€™m going to have someone from our product team step in and give a more specific answer, but in the interim youā€™ll be happy to know that we are launching an Aha! Ideas portal specifically for developers like you to request features, see and vote on other feature requests, and get feedback in real time.

In the meantime, forget to subscribe to the Announcements channel for any announcements coming from out that you might be interested in. Donā€™t worry, we keep our announcements technical and only related to developersā€“no marketing :slight_smile:

Hey Adrian, Thanks for the suggestion. Weā€™re actually in the process of evaluating new and better ways of integrating with MFA vendors. Ensuring ease of configuration and intuitive user experience are top areas of focus for this initiative. We arenā€™t far enough to share details just yet, but weā€™ll share as soon as we can. Thanks again,

2 Likes

Hi Trey, That is great to hear. It was the experience of configuring MFA for access to this forum that prompted the suggestion - I thought it worked well.

Looking forward to seeing the solution!

1 Like

Hello Trey!

Are you able to share anything at this time now? We are looking to switch from DUO to MS Authenticator MFA for strong authentication. I can not find any information that an integration for MS Authenticator MFA exists. Hopefully you can provide an update, and/or point me to some information on the subject :slight_smile:

Mr Bean Waiting GIF by MOODMAN

Hi Denver,
Looks like it was an idea submitted 2 years ago, and status is ā€˜future considerationā€™

Support Microsoft Authenticator for MFA | SailPoint Ideas Portal

A lot of people voted for it, but I dont see any progress or updates.

1 Like

@adrianhannen @jrossicare

Hey All

I wanted to touch base with everyone on this ask. We are looking to deprecate strong auth for admin step up in lieu of using MFA at login.

*MFA on login uses the ā€œTOTPā€ standard for authentication.
*That means that users can use the Google Authenticator, the Microsoft Authenticator, along with a huge number of other companies which provide TOTP apps.

Strong auth as it currently stands will remain for password reset only, and does not currently support TOTP.

Let me know if this makes sense or if you have further questions. Thanks!

Tyler

2 Likes

Hi @Tyler_Harman

That will be great that you will be finally supporting TOTP !

How customizable will this be? Is it a global feature, or can it be only for Admin step-up?
A lot of organisations dont want to burden all users with MFA, and only require it for Admins.

Looking forward to this rolling out!

Awesome news! Any date/time this will be rolled out? Thanks

The ability to configure TOTP for login has been available for about a year now and can be enabled by identity profile. Just select MFA for sign-in method and you can use whichever method you prefer. As far as deprecating strong auth for admin, weā€™re very close to being able to roll out.

1 Like

@denvercape1 looks like your Mr Bean gif did the trick! Will paste it to other threads asap :stuck_out_tongue_winking_eye:

2 Likes

Let me know what thread youā€™re looking for information on, Jason, and Iā€™ll help you find a follow up!

Thanks Jordan, appreciate it. I know youā€™re all working really hard on improving the product and releasing as many features as possible

1 Like

Weā€™re here for you, my friend! And weā€™re so glad to have you here with us!

Hi @Tyler_Harman

Do you have an ETA of when this is rolling out?

Thanks

Iā€™ll be posting the specifics in other channels once I have all of the documentation approved, but next month :slight_smile:

What is the latest update on this @jordan_violet ! Do we need to submit a new idea for this to make something of it because we have clients asking for this pretty much every day.

Here is the latest update from @Tyler_Harman :

Hey Everyone!

I just made the official post about this in the announcements channel:

Let me know if you need anything!

Tyler

Hey Tyler,
I am looking to have certain admin roles step up auth when they access IdentityNow. Am I correct that this would mean that we would need those admins assigned to a different Identity Profile as a source for those users?
Is there are any plans for an ability to trigger MFA based off Admin roles as an alternative.
-Tyson

1 Like