Is there a way to configure “Require MFA once per session” rule to be applicable only to the users who have enrolled in MFA instead of all users for whom MFA is enabled?
You can add the following rule to accomplish it.
function requireMfaOncePerSession(user, context, callback) {
let authMethods = ;
if (context.authentication && Array.isArray(context.authentication.methods)) {
authMethods = context.authentication.methods;
}
const completedMfa = !!authMethods.find((method) => method.name === ‘mfa’);
if (completedMfa) {
return callback(null, user, context);
}
context.multifactor = {
provider: ‘any’,
allowRememberBrowser: false
};
callback(null, user, context);
}
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.