Identifier First + Biometrics incompatibility with IdP-Initiated SAML login

lihua.zhang · August 16, 2022, 12:14am

Problem Statement:

When attempting an IdP-Initiated SAML login while having Identifier First + Biometrics as a first factor passwordless login option, the login flow will stall with a classic MFA prompt displayed with a spinning loading circle.

Solution:

This is due to a product issue. Before the fix, a temporary workaround could be to create a rule that disables MFA for either the SAML connection or an application if that fits the customer use case:

function disableMultifactorAuthentication(user, context, callback) {
  if(context.connectionID === "[your_connection_id]") {
    context.multifactor = {
          provider: 'none'
    };
  }
 callback(null, user, context);
}

Topic		Replies	Views
Identifier First + Biometrics not prompting users to enroll in biometrics Knowledge Articles enrollment , biometrics , identity-first	1	1731	December 6, 2022
Users prompted for biometrics MFA after they already declined biometrics for login Knowledge Articles user , biometrics , identifier-first-biometrics	1	720	September 1, 2023
"invalid_request (No MFA factors enabled for enrollment)" error after disabling WebAuthn Device Biometric Knowledge Articles mfa , error , webauth , invalid , biometrics , new-universal-login , classic-universal-login	1	2393	September 26, 2022
Identifier First + Biometrics Enabled but not users are not able to choose biometrics for login Help login-experience , new-universal-login-experience	1	10	October 31, 2024
Login loop after enabling MFA Help	3	1891	November 9, 2022

Identifier First + Biometrics incompatibility with IdP-Initiated SAML login

Problem Statement:

Solution:

Related Topics