Enabling MFA for Non-Federated user


Article ID: 366921


Products

Clarity PPM SaaS

Issue/Introduction

Our OKTA tenant admins create external (i.e. Non-Federated) users. How can we request MFA prompts for such users? What is the process once MFA is enabled for the users?

Environment

Component: Clarity SaaS Operations

Release: 16.X

Resolution

To enable MFA for Non-Federated users, open a Broadcom Support ticket and request that MFA be enabled for the user with a basic profile (refer to the FAQ in the Additional Information section).

Process to request/enable MFA

    Steps carried out by the Customer

1: The Customer OKTA Tenant Admin creates an OKTA user

2: The newly created user logs into Clarity or is activated explicitly

3: Request Broadcom Support, via a ticket, to add the user to the MFA group

    Steps carried out by Broadcom

4: Broadcom SaaS Operations will add the user to MFA and the customer will be informed to validate

    Steps carried out by the Customer

5: Once the user is added to the MFA group, the user will need to reset the password on first login

 

Additional Information

FAQ

1: Is MFA enabled for users created by the customer's OKTA Tenant admin (Non-Federated)?

From the Broadcom OKTA perspective, there are two different types of user profile, i.e. basic users and enterprise users. Whenever a user is created by an OKTA Tenant admin, it falls into the basic user profile by default, and MFA is not enabled by default for such users.

2: Will the MFA prompt appear every time for non-federated users?

As per Broadcom InfoSec Policy, MFA will be prompted when the system determines that the user's identity needs to be re-validated. It considers a number of parameters to decide whether any change has been observed for the user login, for example a user logging in from a different network.

3: Is it expected behavior to have to change the password after MFA has been enabled on an account?

This is expected behavior: because the user's associated groups have changed from non-MFA to MFA, the user is forced to change the password on the first login attempt.