You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed the addition and then removal of being able to pass the IP as a parameter. I'd prefer if there was auto-detection of the IP. Seems preferable to adhere to the same process that the OneLogin GUI does. That is, the requirement of using MFA should be dependent on your source IP. If that IP falls into a whitelisted IP then you don't need MFA. Otherwise, you need MFA. For an end-user to be able to arbitrarily edit the source IP and bypass MFA seems like a faulty security model. Just detect it and let the already-defined rules apply.
The text was updated successfully, but these errors were encountered:
I noticed the addition and then removal of being able to pass the IP as a parameter. I'd prefer if there was auto-detection of the IP. Seems preferable to adhere to the same process that the OneLogin GUI does. That is, the requirement of using MFA should be dependent on your source IP. If that IP falls into a whitelisted IP then you don't need MFA. Otherwise, you need MFA. For an end-user to be able to arbitrarily edit the source IP and bypass MFA seems like a faulty security model. Just detect it and let the already-defined rules apply.
The text was updated successfully, but these errors were encountered: