cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

MFA in IAS Admin Console

vidyaraghavan
Explorer

on ‎2024 Dec 23 6:47 PM

0 Kudos
824

Hi Team,

We are looking to enable MFA for IAS Admin Console so that the administrators can login via a secure mechanism & not be entering password manually.

Understand we can configure MFA at the application level ( under Applications & Resources) & choose the Admin console->Risk Based Authentication & then enable Two factor authentication. 

Can you please let us know if this is the standard way to enable MFA at application level or is there any other best practices to be followed .

Please help to share.

Thanks
Regards

Vidya

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

MSo
Product and Topic Expert
Product and Topic Expert
‎2025 Jan 02 9:08 AM
0 Kudos

Hi Vidya
you can configure access to the IAS admin console in the settings of the System Application 'Administration Console'.
Wrt MFA one can either enforce it with local authentication (i.e. users have to use the credentials they have in IAS itself) under 'Risk-based authentication' configuration. Or one can delegate authentication to the corporate IdP and enforce MFA there - this can be configured under 'Conditional Authentication' for the system admin application Admin Console.
If you decide for the latter option I recommend to allow Identity Authentication users to login and have at least one admin with local credentials in IAS. This will allow an admin to login to the admin console if ever the trust configuration to the corporate IdP would fail.

Ad how to avoid the need for passwords: if IAS is authenticating authority, one can configure biometric secrets or X.509 as alternative to password based authentication.

Regards,
Marko, IAS Product Management

Show replies
Show replies
vidyaraghavan
Explorer
‎2025 Jan 02 10:32 AM
0 Kudos
Thanks Marko for the detailed explanation.
vidyaraghavan
Explorer
‎2025 Jan 02 10:42 AM
0 Kudos
Thanks Marko for the detailed explanation. Regarding first option: MFA via Risk Based Authentication Configuration, just to clarify you mean that the IAS administrators will enter the user and password but then they will be prompted with Two Factor Authentication (based on the method we setup) - please clarify my understanding. Regarding 2nd option: delegate authentication to corporate IDP, we have Azure as corporate IDP & have MFA enabled there, so we can setup under Conditional Authentication as Azure . Noted on the one admin creation as a backup in case trust fails. For avoiding passwords, could see the biometric options but X509 - can you please clarify. Also is there any standard recommendation or best practice for accessing IAS Admin Console. Thanks for your help.
Ask a Question