Monitor MFA posture

Use the Deep MFA & SSO Analysis Report page to get a comprehensive and continuous analysis of multifactor authentication (MFA) and Single Sign-On (SSO) coverage for your org. The metrics on this page give you a unified view of your MFA adoption, enrollment, and enforcement trends for accounts and apps. Security teams can use this page to prioritize and reduce authentication risks across the org.

Benefits

  • View a continuous analysis of account MFA statuses, app-level MFA requirements, and the security level of registered authenticators.

  • Identify high-risk user access such as admins without MFA, users with weak authenticators, and others that require immediate attention.

  • Get visibility on accounts that may be bypassing established MFA policies by logging in directly to apps without their SSO or MFA. This helps you focus remediation efforts to tackle the biggest risks first.

Monitor your org's MFA posture

  1. In the ISPM console, go to Dashboard > Deep MFA & SSO Analysis Report.

  2. Review the counts that are associated with the various widgets:

    • Unprotected MFA: Learn about the MFA enablement and enforcement trends in your org based on the MFA status of the accounts (human and non-human). Accounts that don't require MFA to access resources or don't have authenticators enrolled present a security risk to the org.

    • Weak Authenticators Registered: Discover the authenticator types enrolled for accounts (excludes service accounts) in your org. The authenticators are categorized by the level of protection they provide.

    • Apps without MFA Requirements: Track the percentage of apps that don't require MFA and are vulnerable to unauthorized access. This analysis is based on the following user access requirements specified in the app-level sign-on policies and by the SSO provider:

      • MFA not required: More than 20% of the accounts can access apps without MFA.

      • MFA required: Most accounts require MFA to access apps.

      • MFA required conditionally: Most accounts may not be prompted for MFA when they meet specific conditions for location, platform, or device.

      Use this to identify and secure apps that are vulnerable to unauthorized access.

    • Top Unprotected MFA Bypass Insights: Surface the most common configurations or policy gaps that let accounts bypass MFA enforcement in your org, ordered by how frequently each occurs, so you can find and fix the gaps in your security policies first.

    • SSO Bypass: Track the percentage of user accounts that can sign in to apps directly without using SSO. Service accounts aren't included in this metric to help ensure actionable insights.

    • Most Critical MFA Issues: Get a list of critical MFA-related vulnerabilities that are prioritized by severity. This enables you to address the highest risks first.
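As an added illustration (not Okta's code and not the report's actual implementation), the Python below computes the widget metrics described above from a constructed set of accounts and per-app sign-on requirements. The 20% threshold and the service-account exclusions follow the definitions above; the weak-authenticator tier and the majority rule used to separate "MFA required" from "MFA required conditionally" are assumptions.

```python
from dataclasses import dataclass

# Assumed weak tier for illustration; the report's real categorization is not on this page.
WEAK = {"sms", "voice", "security_question"}

@dataclass
class Account:
    name: str
    is_admin: bool
    is_service: bool          # non-human account
    mfa_required: bool        # a sign-on policy requires MFA for this account
    authenticators: tuple     # enrolled authenticator types
    direct_logins: tuple      # apps reached directly, not through SSO

def unprotected(accounts):
    """Unprotected MFA: no MFA requirement or no enrolled authenticator (human and non-human)."""
    return [a.name for a in accounts if not a.mfa_required or not a.authenticators]

def admins_without_mfa(accounts):
    """High-risk subset of the unprotected accounts: admins."""
    return [a.name for a in accounts if a.is_admin and a.name in unprotected(accounts)]

def weak_only(accounts):
    """Weak Authenticators Registered: non-service accounts whose every authenticator is weak."""
    return [a.name for a in accounts
            if not a.is_service and a.authenticators and set(a.authenticators) <= WEAK]

def sso_bypass_pct(accounts):
    """SSO Bypass: share of user (non-service) accounts that reach an app without SSO."""
    users = [a for a in accounts if not a.is_service]
    return round(100.0 * sum(1 for a in users if a.direct_logins) / len(users), 1) if users else 0.0

def classify_app(reqs):
    """reqs: per-account requirement, each 'none', 'required' or 'conditional'.
    More than 20% 'none' -> 'MFA not required' (page threshold); the rest split by majority (assumed)."""
    if 100.0 * reqs.count("none") / len(reqs) > 20:
        return "MFA not required"
    if reqs.count("conditional") > reqs.count("required"):
        return "MFA required conditionally"
    return "MFA required"

# Constructed sample data, not taken from any real org.
ACCOUNTS = [
    Account("alice", True, False, True, ("fido2",), ()),
    Account("bob", True, False, False, ("sms",), ("payroll",)),
    Account("carol", False, False, True, ("sms", "voice"), ()),
    Account("dave", False, False, True, (), ("wiki",)),
    Account("svc-backup", False, True, False, (), ("storage",)),
]
APPS = {"payroll": ["required"] * 9 + ["none"],          # 10% without MFA
        "wiki": ["none"] * 3 + ["required"] * 7,         # 30% without MFA
        "crm": ["conditional"] * 6 + ["required"] * 4}

def posture_summary(accounts=ACCOUNTS, apps=APPS):
    return {"unprotected": unprotected(accounts), "admins_without_mfa": admins_without_mfa(accounts),
            "weak_only": weak_only(accounts), "sso_bypass_pct": sso_bypass_pct(accounts),
            "apps": {name: classify_app(reqs) for name, reqs in apps.items()}}
```

Running `posture_summary()` on the sample data flags bob and dave (plus the service account) as unprotected, bob as an admin without MFA, and wiki as the one app where more than 20% of accounts sign in without MFA.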

Related topics

Identify potential MFA risks