Setup Role for MFA users
In this how-to, we'll go through the steps needed to complete the following goals:
- Have a Role for users logging in with Multi-factor authentication (MFA)
This is useful when you want to restrict access to AdminWeb or specific services to users who have logged on with MFA.
The information about MFA is included in the logon Claims by default.
ClaimType: http://schemas.microsoft.com/claims/authnmethodsreferences
Value: http://schemas.microsoft.com/claims/multipleauthn
Create the Role
- Go to AdminWeb > Roles > Add New Role
- Name > Give the Role a suitable name such as MFA
- Rule > The rule should be:
return user.hasClaim('authnmethodsreferences', 'http://schemas.microsoft.com/claims/multipleauthn');
Extra step for On-premise installations
If you have Zervicepoint installed on-premise, you need to check your configuration.
In the [ConfigurationSystem].[GlobalSettings] table check the setting ClaimCollectionTypes.
The value should include authnmethodsreferences.
Example value of ClaimCollectionTypes
Group;Role;Groups;Roles;authnmethodsreferences
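
The following is an added illustration, not Zervicepoint code: a simplified JavaScript model of how the Role rule above depends on the ClaimCollectionTypes setting. It assumes that only claim types listed in ClaimCollectionTypes are kept on the user and that a claim's short name is the last path segment of its ClaimType; collectClaims, makeUser and roleMatches are hypothetical helpers, and the logon claims are constructed samples.

```javascript
// Simplified model (assumptions labelled); not the product's implementation.
const MFA_TYPE = 'http://schemas.microsoft.com/claims/authnmethodsreferences';
const MFA_VALUE = 'http://schemas.microsoft.com/claims/multipleauthn';

// Assumption: the short name is the last path segment of the ClaimType URI.
function shortName(claimType) {
  return claimType.split('/').pop();
}

// Assumption: claims whose short name is not listed in the
// semicolon-separated ClaimCollectionTypes value are not collected.
function collectClaims(claimCollectionTypes, logonClaims) {
  const allowed = new Set(
    claimCollectionTypes.split(';').map((s) => s.trim()).filter(Boolean)
  );
  return logonClaims.filter((c) => allowed.has(shortName(c.type)));
}

// Hypothetical stand-in for the `user` object that the Role rule receives.
function makeUser(claims) {
  return {
    hasClaim: (name, value) =>
      claims.some((c) => shortName(c.type) === name && c.value === value),
  };
}

// The Role rule from this page, wrapped in a function so it can be evaluated.
function mfaRule(user) {
  return user.hasClaim('authnmethodsreferences', MFA_VALUE);
}

// Evaluate the rule for one logon under a given ClaimCollectionTypes value.
function roleMatches(claimCollectionTypes, logonClaims) {
  return mfaRule(makeUser(collectClaims(claimCollectionTypes, logonClaims)));
}

// Constructed sample logons: one with MFA, one with password only.
const mfaLogon = [{ type: MFA_TYPE, value: MFA_VALUE }];
const passwordLogon = [{
  type: MFA_TYPE,
  value: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
}];

const withType = 'Group;Role;Groups;Roles;authnmethodsreferences';
const withoutType = 'Group;Role;Groups;Roles';
console.log('MFA logon, type collected:     ', roleMatches(withType, mfaLogon));
console.log('MFA logon, type not collected: ', roleMatches(withoutType, mfaLogon));
console.log('Password logon, type collected:', roleMatches(withType, passwordLogon));
```

Under these assumptions, an on-premise installation that omits authnmethodsreferences from ClaimCollectionTypes never assigns the MFA Role, even to users who did log on with MFA, so test the Role with both an MFA and a non-MFA logon after changing the setting.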