How do you enforce MFA for logging into the ActiveRoles web interface?
- Products
- Solutions
- Resources
- Trials
- Support
- Partners
- Communities
How do you enforce MFA for logging into the ActiveRoles web interface?
We implemented AzureAD authentication for this and used conditional access to enforce MFA.
Note, that customer might use ARS (a) in INTRANET-ONLY, and (b) HelpDesk team uses their onprem-AD\admin-jsmith like accounts (without O365 email and, therefore, no MFA). Assuming ARS does not bridge directly to AAD/O365 and the only MSFT AADConnect does the bridge AD/EX<-->AAD/O365.
As long as the client has internet access, using Azure AD should work as the server doesn't need access to Azure AD for SAML authentication to work.
If AzureAD or another public idp isn't available, another option is to use ADFS instead.
AzureAD is available.