Configure VIP Authentication Hub to block Azure MFA login as User B when SiteMinder with integrated VIP Authentication Hub used User A for the initial SiteMinder login

Article ID: 382786

Updated On: 11-26-2024

Products

VIP Authentication Hub

Issue/Introduction

When SiteMinder with integrated VIP Authentication Hub used User A for the initial login, the Azure MFA login flow should be disallowed/blocked for any other user, say User B (selected via "Sign in with another account"). Allowing such a user mismatch in VIP Authentication flows represents a security concern.

Environment

Supported VIP Authentication Hub versions

Cause

Security concern: Azure MFA allows an alternate user, say User B, to log in via "Sign in with another account" (note that User B is not the user that was used to sign in to SiteMinder).

Resolution

1. Set "Verify Identity" to "ON" for the Identity Provider "Azure MFA".

2. Any attempt to sign in as a different user, say User B, via Azure MFA (where User A was used for the initial SiteMinder login) is then blocked, and User B is presented with the error below.