Skip to content

MFA Rules Management

This page shows a list of MFA rules and allows for the creation of new or deletion of existing ones.

An MFA rule defines how the software assigns a specific MFA provider to a user (or group of users) during the login process. The software permits different users and groups to have different MFA providers assigned to them.

Note

To define the configuration of MFA providers, please use the appropriate page for the available providers located in the Configuration section of the main navigation menu. Only MFA providers that have been successfully integrated with 12Port will be available for assignment.

MFA Rule Types

The software supports the following rules:

  • User based - this rule assigns an MFA provider to an individual user. This is the strongest assignment that overwrites all other rules.
  • Group based - this rule assigns an MFA provider to a group of users from the integrated user directories. The software uses this rule when there are no rules that assign MFA to an individual user. In case of conflicts when a user is a member of several groups with different MFA assignments, the software will choose the last updated (or created) rule.
  • Default - the software uses the MFA provider assigned to a default rule in such cases where no user or group based assignments exist for the logged in user. When the Default assignment is not defined, no MFA is required for the user.

Creating User or Group Assigned MFA Rules

To create a MFA Rules for a User(s) or Group(s):

  1. Log in with an Administrator or MFA Manager account.
  2. Navigate to Management > MFA Rules and click the Add button.
  3. In the User or Group parameter, select the User or Group that will have this MFA Rule applied to their account.
  4. For the MFA Configuration parameter, select the configured MFA Provider that will be used to enforce MFA on the assigned account. The MFA Provider is labeled based on its configuration "Name (MFA Type)", for example "Production (Duo Security)".
  5. Click the Save button to complete the operation.

Tip

MFA rules could be used to assign an MFA provider as well as to make an exception for a certain user or a group. Create a rule with the MFA Disabled (Disabled) provider to exclude a user or a group from the broader defined MFA rule category.

Creating a Default MFA Rule

To create a Default MFA Rule:

  1. Log in with an Administrator or MFA Manager account.
  2. Navigate to Management > MFA Rules and click the Manage Default button.
  3. For the MFA Configuration parameter, select the configured MFA Provider that will be used to enforce MFA on the assigned account. The MFA Provider is labeled based on its configuration "Name (MFA Type)", for example "Production (Duo Security)".
  4. Click the Save button to complete the operation.

Managing MFA Rules

To edit an existing MFA Rule:

  1. Log in with an Administrator or MFA Manager account.
  2. Locate the MFA Rule to be edited and use the Actions > Edit option to modify the rule.
  3. Make any necessary changes and click the Save button to complete the edit operation.

To delete an existing MFA Rule:

  1. Log in with an Administrator or MFA Manager account.
  2. Locate the MFA Rule to be deleted and use the Actions > Delete option to remove the rule.

Tip

You can also bulk delete MFA Rules by selecting each rule to be deleted and using the Mass Actions > Delete option.