Suggestion
Resolution: Unresolved
Issue Summary
Currently, if org admins enable OTP-based EUS for external users and a user has also enabled MFA at their account level, the user needs to authenticate three times:
- First, log in using email/password
- Then log in using the MFA enabled at account level, with an authenticator app
- Then log in using the email OTP MFA enforced by admins on external users through the EUS policy
This hampers the login experience for the end user.
Steps to Reproduce
- Invite any external user (who has MFA enabled at their account level) to your site
- Enable MFA for external users using EUS
- Now, if the external user tries to access the site, they need to authenticate thrice.
Expected Results
The expectation is to allow org admins to add the following configuration in EUS:
- If the external user's account is protected by 2FA, then do NOT enforce MFA at the site level (OTP via email).
- If the external user's account is not protected by 2FA, then DO enforce MFA at the site level (OTP via email).
Actual Results
Currently, irrespective of whether an external user has enabled MFA at account level, if org admins have enabled MFA for external users using EUS, external users need to authenticate using EUS MFA.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.