FMC Admin login with MFA
07-25-2024 01:36 PM
We have successfully tested SSO with MFA logon to the FMC. However, when we attempt to log out, we receive the following message:
You are logged in using SSO provided by Azure. To protect your Firewall Management Center account from unauthorized access, you must separately end your Azure IdP session.
There is a button labeled "Redirect to Azure for Log Out."
Clicking that button redirects me to my MS 365 home page.
Subsequent logon attempts to the FMC allow me right into the console without 1st or 2nd factor authentication.
I know that this is the basic premise for SSO...but I wanted to know if there was a way to terminate a session so that I am not allowed directly back into the console without being challenged.
07-25-2024 02:13 PM
Since you are using the browser you are bound by the M365 login already there... but there are some workarounds you can implement:
https://www.reddit.com/r/AZURE/comments/xrupux/conditional_access_require_mfa_every_single_time/
08-29-2024 01:15 PM
Here is one workaround. Where would I do this in FMC?
I modified the machine sending the SAML request to use the ForceAuthn=true option which forced all users accessing an authentication portal to authenticate every time without making changes to the conditional access policy.
