As of Registry v4.5.0 it is possible to configure Registry to require MFA for access to most Registry functions.
Configuration
Similar to the MeemEnroller Plugin, indication of MFA is handled via Apache environment variables. Once this is set up, edit the Platform configuration via Platform > CMP Enrollment Configuration and set the following configurations:
- MFA Assertion Indicator: The name of the environment variable indicating if MFA was asserted at login
MFA Assertion Indicator Value: The expected value of the MFA Assertion Indicator variable if MFA was asserted at login
Because this configuration takes place at the Platform level, it is not possible to set an exemption Group of CoPeople who are not required to participate in MFA, as there are no CO Groups at the Platform level.
Exceptions
MFA is not required to access Mostly Static Public Content or when running an Enrollment Flow.
Clearing the MFA Configuration from the Command Line
It is possible to reset the MFA Configuration from the Command Line use the Reset MFA command. This may be useful if, for example, the MFA configuration is incorrect and it is not possible to login to updated it.
$ cd $APP $ ./Console/cake reset_mfa