Setting the MFA Points Granted by SSO Connections

Each SSO Connection (Service Providers and Identity Providers) that you federate with EmpowerID can be configured with a MFA point value to help users reach the required number of points for accessing EmpowerID as specified on their assigned Password Manager Policies. MFA points granted by an SSO Connection start at 0 and can be incremented depending on the trust factor your organization places on the provider. For example, if you are setting the number of MFA points for an IdP, you might choose to give a more trusted Identity Provider, such as the Windows IdP, a point value of 2, and a less trusted IdP, such as a social media IdP, a point value of 1 or 0.

If the IdP selected by users grants enough points to meet your policy requirements, those users are granted access once authenticated. If the IdP does not, further points will need to be acquired.

To set the MFA points granted by SSO Connections

  1. From the Navigation Sidebar, navigate to the OAuth Application management page by expanding Admin > SSO Connections and clicking OAuth.
  2. From the OAuth Service Provider tab of the OAuth Application management page, search for the provider to which you want to set the number of MFA points and then click the Display Name link for that provider. In this example, we are selecting Google ReCaptcha.
  3. From the External OAuth Provider Details page that appears, click the Edit link. Edit links have the Pencil icon.
  4. Type the desired point value in the MFA Point Value field and then click Save.