Failed to authenticate the Provision Manager:Please authenticate with MFA
Getting the above error when trying to prepare our account for SCIM.
The error is being displayed and preventing us from downloading the session file.
Get the same error when trying to generate new credentials as well.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Temporarily disabling MFA enforcement resolved this issue.
0 -
Hi @swatts123
This is a known issue with the SCIM Bridge and the new 1Password Advanced Protection feature set. I would strongly recommend you to keep the Enforced MFA off until the issue is resolved, otherwise your Provision Manager will not be able to make changes to your account.
Sorry for the inconvenience.
Graham
0 -
Any news about when this issue will be fixed?
0 -
I have no explicit timeline to share, but I can say it will not be before the New Year. The fix is not an easy nor simple one without poking a big hole in account security. We have to take the time to fix it properly.
Graham
0 -
Any update on being able to Enforce MFA while using a SCIM Bridge?
0 -
We don't have any updates yet, but the request is still on our radar :)
ref: dev/b5/op-scim#225
0 -
Isn't it possible to make that option to force-enable 2FA on accounts that belong to specific groups instead of making it a tenant-wide option?
We would like to use this as well, instead of manually policing our users and tell them they need to.
0 -
Hey @rickh
We have been working hard on this issue, and it is getting closer to being properly fixed! Currently it is moving from the development stage to the testing stage, so it will be in your hands in the near future.
To explain a bit as to why we can't just set MFA enforcement on some users/groups, as it is a part of your account security, MFA is baked in at a very low level during the authentication process. By design, when you want to enforce MFA it is applied to all your users during the initial handshake with no exceptions. There were some workarounds we considered implementing, but they all required a level of development time and testing comparable to the solution we chose.
Therefore we have essentially had to add a whole new type of user who authenticates in a different way. The utility of this user we are very excited about, as it not only fixes this SCIM Bridge issue but adds so much more. I'm getting a little ahead of myself, but the proper fix for this is in the pipeline and is coming soon. We will update this thread when the fix is released.
Graham
0 -
Any updates on this issue?
0 -
Thanks for checking in @custom_er.
The fix to this issue is in its final stages of development and testing, and should be coming soon. We will update this thread when it is released.
Graham
0 -
Hello everyone!
We're super excited to announce that 1Password now supports enforced two-factor authentication while using automated provisioning 🎉
You can read more about enforced MFA and our other new features in our blog post: https://blog.1password.com/improved-automated-provisioning/
0