SAML response

a1 26 Reputation points
2023-11-26T18:12:21.8466667+00:00

Hey,

I have a question about the SAML response:

Is there a way to add an attribute to the SAML response if the user used MFA, so the service provider will receive this information?

Haven't found this information on the internet.

Thanks.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Sandeep G-MSFT 16,696 Reputation points Microsoft Employee
    2023-11-27T10:53:23.15+00:00

    @a1

    Thank you for posting this in Microsoft Q&A.

    As I understand it, when users try to access the application, you are looking for a claim in the SAML response to see whether the user has done MFA or not.

    This is by default included in the claim. Attribute name is "authnmethodsreferences".

    If the user has done MFA while accessing the application, then the output will be something like below:

    User's image

    If the user has not done MFA and has accessed the application using a password, then the claim will look something like below:

    User's image

    Default claims in the SAML response are mentioned in the article below:

    https://learn.microsoft.com/en-us/entra/identity-platform/reference-saml-tokens#claims-in-saml-tokens

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
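
An added example, not part of the answer above and not Microsoft's code: how a service provider could read the `authnmethodsreferences` claim from an assertion and decide whether MFA was performed. The full claim and value URIs are not shown on this page and are assumed from the Entra ID SAML token reference linked above; the sample assertions are constructed, and the code assumes the SP's SAML library has already validated the assertion's signature, audience and validity window.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed from the Entra ID SAML token reference; not shown on this page.
AMR_CLAIM = "http://schemas.microsoft.com/claims/authnmethodsreferences"
MFA_VALUE = "http://schemas.microsoft.com/claims/multipleauthn"
PASSWORD_VALUE = ("http://schemas.microsoft.com/ws/2008/06/identity/"
                  "authenticationmethod/password")


def auth_methods(assertion_xml: str) -> set:
    """Collect every AttributeValue of the authnmethodsreferences claim.

    Call this only on an assertion that has already passed signature
    validation; an unsigned attribute proves nothing about MFA.
    """
    root = ET.fromstring(assertion_xml)
    values = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != AMR_CLAIM:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            if value.text and value.text.strip():
                values.add(value.text.strip())
    return values


def used_mfa(assertion_xml: str) -> bool:
    """Fail closed: a missing claim or missing MFA value means 'no MFA'."""
    return MFA_VALUE in auth_methods(assertion_xml)


def sample_assertion(values) -> str:
    """Build a minimal, constructed assertion carrying the given values."""
    vals = "".join(f"<AttributeValue>{v}</AttributeValue>" for v in values)
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<AttributeStatement>"
            f'<Attribute Name="{AMR_CLAIM}">{vals}</Attribute>'
            "</AttributeStatement></Assertion>")


if __name__ == "__main__":
    for label, vals in [("password + MFA", [PASSWORD_VALUE, MFA_VALUE]),
                        ("password only", [PASSWORD_VALUE]),
                        ("claim empty", [])]:
        print(label, "->", used_mfa(sample_assertion(vals)))
```

The check matches on the exact claim name and value rather than a substring, and treats an absent claim as "no MFA" so that a stripped attribute cannot pass a step-up requirement.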

