OTP mixed with external identity providers
-
Hi there,
We have a mix of customers - mostly using their own Azure or Okta that we federate with using FusionAuth's Identity Providers and associated reconcile lambdas.
In this case, MFA is taken care of with the external identity provider.
However, we sometimes create user accounts manually within FusionAuth, and in this scenario, we want to force MFA (OTP in particular) to be used.
At the Application level, I can force MFA to be used, thereby making sure that all users enrol the MFA OTP token at login time, but this also means that federated Azure customers then have to have a 3rd layer of authentication.
There seems to be no configuration setting requiring MFA at the user level, rather than application level - thereby making the user enrol the OTP token regardless of the application they are accessing.
How do we resolve this?
Thanks
Brad.