Hi,
Does ISC currently supports multi-factor authentication (MFA) using Time-based One-Time Passwords (TOTP) during Accounts password resets ?
We specifically wants to use ISC OTOB TOTP-based MFA (e.g., using an authenticator app) or Entra MFA (by using already enrolled Microsoft Authenticator).
We have enabled password reset for Admins’ Active Directory accounts. However, the current MFA options—OTP via email/SMS or Knowledge-Based Authentication (KBA) pose challenges.
For example, users may already be logged into SailPoint while Outlook is also open, making email-based OTP less secure. KBA is also limited in its effectiveness. Additionally, not all users have a consistent professional phone number, and they are uncomfortable sharing personal numbers.
Moreover, ISC external authentications options such as Duo Web, Okta Verify, RSA SecurID, and Symantec VIP are not supported in our usecase
Does anyone have suggestions on how to address this ?
Also, I found these two idea submissions—If anyone is able to, please consider voting for these related to support these features :
OTOB Sign in MFA is not Password Reset/Unlock | SailPoint Ideas Portal
Azure MFA for end user self password | SailPoint Ideas Portal