In the context of Azure SSO and Saviynt, enforcing Multi-Factor Authentication (MFA) at every login might not be directly controllable within Saviynt alone, as it largely depends on the configurations and policies set up in Azure Active Directory (Azure AD) and the Azure SSO settings.
However, you can enforce MFA for specific conditions or scenarios in Azure AD. Here are a couple of options you might consider:
Conditional Access Policies: Azure AD allows you to create conditional access policies that can enforce MFA based on certain conditions such as user groups, applications, locations, device platforms, or risk levels. You could configure a conditional access policy that requires MFA for accessing Saviynt, regardless of whether the user has an active session or not.
Session Controls: While Azure AD might not directly control the session state of Saviynt, you can configure session controls within Azure AD to set session lifetimes and idle timeouts. This won't force MFA at every login, but it can help in managing session lifetimes and automatically signing out users after a certain period of inactivity.
Remember that enforcing MFA at every login might impact user experience, so it's important to carefully consider the implications and communicate any changes to your users. Additionally, ensure that your organization's security policies and compliance requirements are met when implementing such controls.
Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
