Maybe its me who can’t find the documentation or the setting, but i can’t get Guardian MFA,custom domains and blocking 3 party cookies to work.
Blocking 3. party cookies is required - we can’t ask our users to allow 3. party cookies and we can’t ask them not to use MFA.
So with that said here is the problem:
When enabling a custom domain, the login happens on login.ourdomain.com - all good so far.
But the mfa-widget-1.5.js apparently connects to ourauth0domain.guardian.com and something then sets a cookie there with the domain ourauth0domain.guardian.com. This is obviously blocked because it is a third party cookie (originating from an root domain different from our login domain)
So did i miss a configuration, a section of the documentation that states, that MFA, custom domains and third party cookies are a show stopper or is the system just plain broken because no one considered this scenario?
Can anyone shed some light on the issue?
Edit: Ok, so after a little fiddeling i realized i can change this
" mfaServerUrl: “{{ mfaServerUrl }}”,"
to this "mfaServerUrl: “https://logintest.ourdomain.com/guardian/” in the Guardian Multifactor hosted page.
So where in the documentation does it state that you have to do this to get custom domains, MFA an TPC to work?