RequestedAuthnContext enabled, and enforcing PasswordProtectedTransport

Deepthi 26 Reputation points


Client has set passwordless authentication on their Azure app. While setting up SAML SSO integration, we recommended our client to update their Azure configuration to enable Password ProtectedTransport, as our provider is not set up to accept X509.
In response to above suggestion, client came back stating
By having RequestedAuthnContext enabled, and enforcing PasswordProtectedTransport, would that force us to authenticate with only Username and Password and invalidate all other methods of authentication (Passwordless, FIDO2, etc)? If so, we’d have to disable other methods of authentication so that our users won’t have the option to do so. Do you know of a way in our SSO setup where we can enforce this, but only for this application?

Can someone advise if the the passwordless authentication can be avoided for one particular application that is integrated in Azure?


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,457 questions
0 comments No comments
{count} vote