SecureAuth IdP Version Affected: All
Description: SecurePortal is configured, but you want to have certain applications within the Portal prompt for 2FA
Cause: SecurePortal is set up to allow SSO to any application within it, naturally.
In a typical SecurePortal setting, the Post-Auth cookie and the Forms Auth name is the same across all realms within the SecurePortal, including the SecurePortal itself.
Resolution: Adjust the cookie settings so it prompts for 2FA.
For applications that you want to step up authentication for, adjust the cookie settings by swapping the Pre-Auth and Post-Auth/Forms Authentication name.
Then adjust the token settings to "Token" so that the user does not have to input the username, since they had to input that originally to sign in to the SecurePortal realm.
In the screenshot above, there is a begin site as well so users cannot access this realm without going through the SecurePortal realm first.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Article is closed for comments.