Manage Multi-Factor

Use this operation to add or remove allowed multi-factor authentication (MFA) methods for users.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: Identity Security

Domain: Multi-Factor Management

Modifies: MFA Registration User Exception, Allowed Passkey (FIDO2) MFA User(s), Allowed Microsoft Authenticator MFA User(s), Allowed SMS MFA User(s), Allowed Temporary Access Pass MFA User(s), Allowed Hardware OATH Tokens MFA User(s), Allowed Third-party Software OATH Tokens MFA User(s), Allowed Voice Call MFA User(s), Allowed Email OTP MFA User(s), Allowed Certificate-based Authentication MFA User(s)

When to Perform this Operation

As Needed: Proactive or in Response to User/Security

Technical Description and Importance

Managing MFA methods ensures that users are granted access to authentication options that align with security and operational policies. Allowing or restricting MFA methods can help mitigate risks associated with weaker authentication factors while ensuring users can securely access resources. This management process supports compliance requirements by enforcing the use of secure authentication mechanisms. Regular updates ensure that authentication methods remain aligned with evolving security standards and user needs.

Management Options

Exempt a User from MFA Registration:

Purpose
Creates an exception to bypass MFA registration.
Use Case
A break-glass or emergency account must be excluded from MFA registration for accessibility during outages.

Add User MFA Authentication Method:

Purpose
Grants a user access to an allowed MFA method.
Use Case
A user requires a new MFA method, such as FIDO2 passkeys, for secure authentication.

Remove User MFA Authentication Method:

Purpose
Revokes a specific MFA method from a user.
Use Case
A user loses access to a previously assigned MFA method and needs it removed for security reasons.

| Operation | Action | Target |
| --- | --- | --- |
| Exempt a User from MFA Registration | Addition | MFA Registration Exception |
| Add User MFA Authentication Method | Addition | Allowed MFA Methods (Passkey, Authenticator, SMS, etc.) |
| Remove User MFA Authentication Method | Removal | Allowed MFA Methods (Passkey, Authenticator, SMS, etc.) |
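
The following Python audit is an added example, not part of the Sittadel handbook or its tooling. It reviews an export of who currently holds each target listed under "Modifies" and surfaces candidates for the three operations above. Assumptions: the export is a mapping of target name to user set, the break-glass allow-list is maintained separately, the phishing-resistant versus weaker grouping is this example's own classification, and every account shown is constructed.

```python
# Added example: audit an export of who holds each handbook MFA target.
EXCEPTION = "MFA Registration User Exception"
# Assumed classification for this example (not stated by the handbook).
PHISHING_RESISTANT = {
    "Allowed Passkey (FIDO2) MFA User(s)",
    "Allowed Certificate-based Authentication MFA User(s)",
}
WEAKER = {
    "Allowed SMS MFA User(s)",
    "Allowed Voice Call MFA User(s)",
    "Allowed Email OTP MFA User(s)",
}

def audit(membership, break_glass):
    """membership: target name -> set of users; break_glass: approved exemptions.
    Returns (unapproved_exemptions, weak_only_users, removable_weak_methods)."""
    unapproved = sorted(membership.get(EXCEPTION, set()) - break_glass)
    methods = {}  # user -> set of allowed method targets
    for target, users in membership.items():
        if target != EXCEPTION:
            for user in users:
                methods.setdefault(user, set()).add(target)
    # Every allowed method is a weaker factor: candidate for an "Add" operation.
    weak_only = sorted(u for u, m in methods.items() if m <= WEAKER)
    # Holds a phishing-resistant method while a weaker one is still allowed:
    # candidate for a "Remove" operation.
    removable = {u: sorted(m & WEAKER) for u, m in methods.items()
                 if m & PHISHING_RESISTANT and m & WEAKER}
    return unapproved, weak_only, removable

# Constructed sample data; none of these accounts are real.
BREAK_GLASS = {"breakglass1@example.com"}
SAMPLE = {
    EXCEPTION: {"breakglass1@example.com", "jdoe@example.com"},
    "Allowed Passkey (FIDO2) MFA User(s)": {"alice@example.com"},
    "Allowed Microsoft Authenticator MFA User(s)": {"bob@example.com"},
    "Allowed SMS MFA User(s)": {"alice@example.com", "bob@example.com",
                                "carol@example.com"},
    "Allowed Voice Call MFA User(s)": {"carol@example.com"},
}

if __name__ == "__main__":
    unapproved, weak_only, removable = audit(SAMPLE, BREAK_GLASS)
    print("Exempt but not approved break-glass:", unapproved)
    print("Only weaker methods allowed:", weak_only)
    print("Weaker methods that could be removed:", removable)
```
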

Exempt a User from MFA Registration

This operation exempts a user from mandatory MFA registration requirements.

      1. MFA Registration Exemption

Add User MFA Authentication Method

This operation adds a new MFA method for a user, enabling authentication through the specified method.

      1. MFA Authentication Methods User Addition

Remove User MFA Authentication Method

This operation removes a previously assigned MFA method from a user’s authentication options.

      1. MFA Authentication Methods User Removal

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.