You need to sign in to do that
Don't have an account?
Tony Rissone
MFA impacting all users instead of just users assigned the permission set
So we created the permission set to require users, assigned the permission set, to validate via multi factor authentication using the app. As a test we applied it to two users.
At first it was utterly useless, it didn't force anything. The two users would just log in as usual (via SSO) and never confirm anything.
Then we set the profile session settings of those users
"Session Security Level Required at Login" to "high assurance"
What happened next was absolutely dumbfounding as it then required all users of that profile to login via MFA using the app....so we checked the profile system permissions and all permission sets assigned to a list of users....none had MFA as required for user/api login. We only want it to require login for the two users assigned the permission set...not everyone..
What is going on???
At first it was utterly useless, it didn't force anything. The two users would just log in as usual (via SSO) and never confirm anything.
Then we set the profile session settings of those users
"Session Security Level Required at Login" to "high assurance"
What happened next was absolutely dumbfounding as it then required all users of that profile to login via MFA using the app....so we checked the profile system permissions and all permission sets assigned to a list of users....none had MFA as required for user/api login. We only want it to require login for the two users assigned the permission set...not everyone..
What is going on???
But we can't find out why the system setting is utterly useless and doesn't actually work or require the user to use MFA.