Entra ID - MFA and CA

Jim Smith 0 Reputation points
2024-10-03T23:09:30.3233333+00:00

We have several apps registered and successfully using MFA with conditional access policies. However, we've recently introduced a partner that uses OKTA. This one application connection seems to disregard CA policies and prompt users for MFA (users are on the same 'trusted' network). The logs and Sign-in diag in Entra are a bit perplexing. There are no errors, nothing suspicious, and when drilling in, the diag states: Auth method: Previously Satisfied | Results: MFA requirement skipped due to IP address | Requirement: MFA is enforced for the user account. ...So, my question is: Am I reading the results wrong? If MFA is skipped and/or previously satisfied, why are users being prompted for MFA with this one app?

This challenge appears similar to: https://learn.microsoft.com/en-us/answers/questions/1340013/why-are-some-applications-prompting-for-mfa-and-ot

and/or... https://learn.microsoft.com/en-us/answers/questions/1295071/users-repeatedly-prompted-for-mfa

...Thanks for any insight

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,495 questions
{count} votes

1 answer

Sort by: Most helpful
  1. James Hamil 26,036 Reputation points Microsoft Employee
    2024-10-09T21:04:38.7766667+00:00

    Hi @Jim Smith , I assume you followed the steps in the threads you linked, and as you saw we're going to have to look into your environment. This issue is tricky to solve otherwise. Can you please send me an email at "azcommunity@microsoft.com" with subject "ATTN: James Hamil" and your subscription ID? I can open a free support ticket for you.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.