Enable or disable multi-factor authentication for each application

Enable or disable MFA per application or use global IdP MFA settings. Apply disable bypass MFA criteria per application.

This procedure is useful when you need global multi-factor authentication (MFA) for an identity provider (IdP) but you need to exclude an application from using the MFA policy of the IdP. Or, you do not have a global MFA policy, but you want to add a custom MFA policy for only one application. Or, if you’ve set bypass MFA criteria in the IdP, and you want to override it for an important application even if the user is within the corporate network, or using a managed device, you can set the disable bypass MFA criteria. Then, the user will be prompted for MFA required for accessing that application.

How to

  1. Log in to the EAA Management Portal.
  2. From the top menu bar, click Applications.
  3. Click the application card for the application you want to configure.
  4. Click Settings > AUTHENTICATION.
  5. Click MFA Settings. The MFA Settings dialog appears. Select one of the choices:
    • Enable. You might want to require users to use MFA for just this application, although the IdP might not have MFA.
    • Disable. You might want to not require users to use MFA for just this application, although other applications will keep the MFA settings of the IdP.
    • Use Global MFA Setting (Default). You might want to keep the same MFA settings as set in the IdP and not change it.
    • Disable Bypass MFA criteria. Select this option if you want to disable the evaluation of bypass MFA criteria you set in the IdP. Then, the user will be prompted for MFA for this application even if any of the criteria is met.
      Note: Select this option, only if you have set any Bypass MFA criteria in the identity provider.
  6. Click Save on the dialog.
  7. Click Save and exit on the application.