Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Azure SSO with multi factor authentication

New Contributor
New Contributor

Is it possible to force Saviynt to require MFA at every login?  We are using Azure SSO and the Saviynt logout type is Saviynt only.  If the user logs out of Saviynt, is it possible to require MFA at the next login even if their token hasn't yet expired?



In the context of Azure SSO and Saviynt, enforcing Multi-Factor Authentication (MFA) at every login might not be directly controllable within Saviynt alone, as it largely depends on the configurations and policies set up in Azure Active Directory (Azure AD) and the Azure SSO settings.

However, you can enforce MFA for specific conditions or scenarios in Azure AD. Here are a couple of options you might consider:

  1. Conditional Access Policies: Azure AD allows you to create conditional access policies that can enforce MFA based on certain conditions such as user groups, applications, locations, device platforms, or risk levels. You could configure a conditional access policy that requires MFA for accessing Saviynt, regardless of whether the user has an active session or not.

  2. Session Controls: While Azure AD might not directly control the session state of Saviynt, you can configure session controls within Azure AD to set session lifetimes and idle timeouts. This won't force MFA at every login, but it can help in managing session lifetimes and automatically signing out users after a certain period of inactivity.

Remember that enforcing MFA at every login might impact user experience, so it's important to carefully consider the implications and communicate any changes to your users. Additionally, ensure that your organization's security policies and compliance requirements are met when implementing such controls.

Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.