Symptom
- A new group XXX was created in the authentication directory and a risk-based rule was configured for the application to restrict SSO authentication to a subset of users.
- Users in the group XXX can still log on without multi-factor authentication (MFA) being enforced.
- Current configuration:
  - Authentication action is set to two-factor authentication
  - Two-factor methods are set to Web authentication
  - The Default Authentication Rule is set to "allow"
  - Corporate IdP was set to the default Identity Provider
Environment
Identity Authentication Service
Product
SAP Cloud Identity Services all versions
Keywords
cis rule ignored, multi-factor authentication, mfa, risk-based rule, identity authentication service, ias, sso authentication, group-based authentication, mfa enforcement, authentication configuration, web authentication, default authentication rule, identity federation, tenant configuration, KBA, BC-IAM-IDS, Identity Authentication Service, Problem
SAP Knowledge Base Article - Preview