Is it possible to force a specific MFA provider based on a user-agent (ideal) or IP address (less ideal) in AD FS? Alternatively, is there another free SAML IdP that would allow this? Read below for why, in case there is another option that I am missing:
I’m using AD FS 3.0 as a SAML 2.0 IdP for a cloud service used internally at a business. I have enabled MFA using integrated Windows authentication and I have also enabled certificates as a second factor.
This works great on the domain-joined desktops we deploy. Once the user is logged into Windows, they are automatically logged into the cloud service assuming they have a valid certificate. They don’t have to do anything to authenticate and this is awesome.
This cloud service provides a mobile app for iOS and Android devices. The mobile app uses an embedded browser for authentication. During authentication, upon redirection to the IdP, AD FS falls back to forms-based authentication which is fine. However, when AD FS requests a client certificate, the embedded browser in these apps freezes. Thus, it is not possible to log into the apps using certificate-based authentication.
I’ve informed the vendor, they are able to replicate the issue and are investigating whether they can fix it, but my hopes are not high that they will be able to (at least in a timely manner).
In the mean time, I would like to provide two options: use certificates as the second factor on desktop browsers, and use a custom authentication provider (I can build this no problem) for mobile browsers.
Is this possible? The closest I can get right now is to present the user with an option of which MFA mechanism they would like to use. This isn’t good enough, unfortunately, especially since users will need to do this several times per day.
✓ Extra quality
ExtraProxies brings the best proxy quality for you with our private and reliable proxies
✓ Extra anonymity
Top level of anonymity and 100% safe proxies – this is what you get with every proxy package
✓ Extra speed
1,ooo mb/s proxy servers speed – we are way better than others – just enjoy our proxies!
USA proxy location
We offer premium quality USA private proxies – the most essential proxies you can ever want from USA
Our proxies have TOP level of anonymity + Elite quality, so you are always safe and secure with your proxies
Use your proxies as much as you want – we have no limits for data transfer and bandwidth, unlimited usage!
Superb fast proxy servers with 1,000 mb/s speed – sit back and enjoy your lightning fast private proxies!
99,9% servers uptime
Alive and working proxies all the time – we are taking care of our servers so you can use them without any problems
No usage restrictions
You have freedom to use your proxies with every software, browser or website you want without restrictions
Perfect for SEO
We are 100% friendly with all SEO tasks as well as internet marketing – feel the power with our proxies
Buy more proxies and get better price – we offer various proxy packages with great deals and discounts
We are working 24/7 to bring the best proxy experience for you – we are glad to help and assist you!