...
The MCB Model assumes that each user is certified for specific authentication contexts, and each authentication context has an associated authentication method. Those certifications are stored in the IAM. This mechanism can be used to require, for example, that certain users must use MFA. More complex risk assessment strategies, however, would require custom code, although that code could, in many cases, be implemented as a "scripted attribute," so that the IdP can use continue to use the same mechanism.
...
| Anchor | ||||
|---|---|---|---|---|
|
...
SP initial request – All users for the SP/IDP combination need to be MFA
...