App condition for MFA enrollment policies

For an MFA factor enrollment policy, you can set an app condition for end user applications. With this condition set, end users can be prompted for factor enrollment either when accessing all applications or for selected applications that are specified by the admin.

Based on how the condition is set, end users may be prompted to enroll in a factor when accessing all applications available to them or for specific applications only.

Edit Rule screen

Note the following when setting the app condition:

  • A multifactor policy must be first created before a rule can be set up to setting the app condition.
  • Apps that are based on OIDC, SAML1.1, SAML2, SWA are all supported.
  • All apps are supported except for Microsoft clients that use active mode authentication.
  • Microsoft Office 365 is supported; outdated Microsoft Office thick clients are not supported.

To learn how to configure the app condition, see Configure an MFA enrollment policy.