Description
Policy to enforce MFA when logging in with a 3rd party (federation)
Problem
Currently, if a user logs in with a 3rd party using federated authentication (Google, Facebook, OIDC, SAML, etc.), FusionAuth skips MFA. This assumes that the 3rd party is providing the necessary MFA to ensure the user is who they say they are. It's possible, however, that the user has not enabled MFA with the 3rd party but has enabled MFA with FusionAuth, in which case the login completes with no second factor at all.
Solution
It would be nice to provide a policy, on an Identity Provider or on a single factor of a user, that requires the user to complete MFA with FusionAuth regardless of the 3rd party authentication.
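As an added illustration (not FusionAuth code or its real event schema), this Python sketch models the proposed per-IdP policy and scans constructed login records for users who hold a FusionAuth factor but were never challenged. The `LoginEvent` fields and the `IDP_POLICY` mapping are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LoginEvent:
    # Assumed record shape for this example, not FusionAuth's webhook format.
    user: str
    idp: Optional[str]   # None means a native FusionAuth username/password login
    mfa_verified: bool   # True only if FusionAuth itself completed an MFA challenge


# Proposed policy: which IdPs must still trigger FusionAuth's own MFA (assumption).
IDP_POLICY: Dict[str, bool] = {"Google": True, "SAML-Corp": False}

# Constructed enrollment table: which users have a FusionAuth MFA method enabled.
MFA_ENROLLED: Dict[str, bool] = {
    "alice@example.com": True,
    "bob@example.com": True,
    "carol@example.com": False,
    "dave@example.com": True,
}

# Constructed login records for the scan.
SAMPLE_EVENTS: List[LoginEvent] = [
    LoginEvent("alice@example.com", "Google", False),
    LoginEvent("bob@example.com", None, True),
    LoginEvent("carol@example.com", "SAML-Corp", False),
    LoginEvent("dave@example.com", "Google", False),
]


def local_mfa_required(event: LoginEvent, enrolled: Dict[str, bool],
                       policy: Dict[str, bool]) -> bool:
    """True when FusionAuth should have run its own MFA for this login."""
    if not enrolled.get(event.user, False):
        return False            # no FusionAuth factor to enforce
    if event.idp is None:
        return True             # native login: MFA always applies
    return policy.get(event.idp, False)  # federated: only if the IdP policy demands it


def find_bypassed_logins(events: List[LoginEvent], enrolled: Dict[str, bool],
                         policy: Dict[str, bool]) -> List[str]:
    """Users who should have been challenged under the policy but were not."""
    return [e.user for e in events
            if local_mfa_required(e, enrolled, policy) and not e.mfa_verified]


def federated_logins_skipping_mfa(events: List[LoginEvent],
                                  enrolled: Dict[str, bool]) -> List[str]:
    """Today's gap: enrolled users whose federated login had no FusionAuth MFA."""
    return [e.user for e in events
            if e.idp is not None and enrolled.get(e.user, False) and not e.mfa_verified]
```

With an empty policy the scan flags nothing for federated logins, which is the current behaviour the issue describes; `federated_logins_skipping_mfa` lists the affected users either way.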
Related
- Two Factor Authentication is ignored when authenticating with Identity Providers #1903
- Federated users in an SSO session are prompted to setup MFA on subsequent logins #2357
- Update https://fusionauth.io/docs/v1/tech/identity-providers/#account-security when this is implemented
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.