App Condition for MFA Enrollment Policy

For an MFA factor enrollment rule, you can set an app condition for end user applications. Based on how the condition is set, end users can be prompted to enroll in a factor either when accessing any application available to them or only when accessing specific applications selected by the admin.

Before you begin

Note the following when setting the app condition:

  • A multifactor policy must be created before a rule can be set up with the app condition.
  • Apps based on OIDC, SAML1.1, SAML2, and SWA are all supported.
  • All apps are supported except for Microsoft clients that use active mode authentication.
  • Microsoft Office 365 is supported; outdated Microsoft Office thick clients are not supported.

Configure the app condition

  1. From the admin dashboard, navigate to Security > Multifactor > Factor Enrollment > Add Multifactor Policy.
  2. Click Add Rule to create a new rule, or click Edit Rule to modify an existing rule. Note that a rule can only be added once a multifactor policy has been created.
  3. Under AND User is accessing, select Applications.
  4. Select Any application to apply this rule to all applications that can be accessed by the end user. Select Specific applications to manually enter the applications that will be affected by this rule. Only applications that are available to end users will be displayed here.
  5. Click Update Rule to save your changes.

For more information about factor enrollment policies and rules, refer to Multifactor Authentication.