...

  • IdP Identifier Indicator: If set, this is the name of an environment variable that MEEM will examine during enrollment (after the Collect Identifier step) to determine the identifier of the Identity Provider that the Enrollee authenticated with. If this configuration is left blank, MEEM will not record MFA Status (see below).
  • MFA Assertion Indicator: If set, this is the name of an environment variable that indicates that the Identity Provider asserted MFA. The value of the environment variable must be the literal string yes, though this is subject to change in a future release. This setting is only effective if the IdP Identifier Indicator is also set and populated.
  • MFA Exemption CO Group: If set, this is the CO Group used to track which CO People are currently exempt from MFA. If MFA Assertion Indicator is configured and MFA was not asserted, the Enrollee will be added to this CO Group. Membership in this CO Group may also be manually managed.
  • Initial MFA Exemption: If set, when a CO Person is automatically added to the MFA Exemption CO Group, the membership will be set to expire the configured number of hours after being created, allowing for a "grace period" before MFA is required. Note that a Registry Job Shell must be configured to ensure timely reprovisioning of expired CO Group Memberships. See also: Registry Validity Dates.
  • MFA Enrollment Flow: The Enrollment Flow that establishes an MFA Authenticator, described below.
  • Enable MFA Setup Reminder Splash Page: Whether the MFA Setup Reminder Splash Page (described below) is enabled for this configuration.
  • Return URL Allow List: If the MFA Setup Reminder Splash Page is enabled, a list of regular expressions (PHP syntax, including the delimiter, one regular expression per line) for permitted return URLs. Note that all Registry URLs are automatically considered valid, and so need not be added to this list. (i.e., there is no need to adjust this setting to redirect into the MFA Enrollment Flow.)
  • API User: If set, the API User granted access to the MEEM REST API, described below.
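
For the Return URL Allow List setting above, the following added example (not MEEM or Registry code) compares a loosely written pattern with an anchored one against a few return URLs. It assumes each non-empty line is passed unchanged to preg_match() against the full URL; the function name, hostnames and URLs are constructed for illustration.

```php
<?php
// Added example, not MEEM code. Assumption: every non-empty line of the
// allow list is handed as-is to preg_match() against the full return URL.

/** Return true if $url matches at least one pattern in the allow list text. */
function returnUrlAllowed(string $allowList, string $url): bool
{
    foreach (preg_split('/\R/', $allowList) as $pattern) {
        $pattern = trim($pattern);
        if ($pattern === '') {
            continue; // skip blank lines
        }
        // preg_match() returns 1 on match, 0 on no match, false on a bad pattern.
        $result = @preg_match($pattern, $url);
        if ($result === false) {
            // A malformed line (e.g. missing delimiter) never grants access.
            error_log("Ignoring invalid allow list pattern: $pattern");
            continue;
        }
        if ($result === 1) {
            return true;
        }
    }
    return false;
}

// Constructed allow lists, one pattern per line, '#' as the delimiter.
// Loose: no start anchor, and '.' matches any character.
$loose  = '#https://wiki.example.org#';
// Strict: anchored at the start, dots escaped, '/' closes the hostname.
$strict = '#^https://wiki\.example\.org/#';

// Constructed return URLs.
$urls = [
    'https://wiki.example.org/display/HOME',                  // intended target
    'https://wiki.example.org.lookalike.example/',            // host only starts with the name
    'https://other.example/?next=https://wiki.example.org/',  // name appears in the query string
    'https://wikiXexample.org/',                              // unescaped dot matches "X"
];

foreach ($urls as $url) {
    printf("%-56s loose=%-5s strict=%s\n", $url,
        returnUrlAllowed($loose, $url) ? 'allow' : 'deny',
        returnUrlAllowed($strict, $url) ? 'allow' : 'deny');
}
```

Only the first URL passes the anchored pattern, while the loose pattern accepts all four.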

...