Recommended way to handle multiple MFA for single SSO account?

Options

I'm trying to figure out the best way to approach this scenario, which I have come across in several different places.

  • I have an account with a provider (e.g. Active Directory)
  • This account is configured for SSO with numerous applications
  • Some of those applications implement MFA within the application (e.g. AWS SSO, OpenVPN Access Server etc.)

What happens is, I use 1Password to enter my credentials into the application, then I get asked for my MFA code. Since the MFA code is different for each application, I can't store it in the same 1Password entry.

Currently I have additional 1Password entries for each application, containing just the URL and the OTP field. This works, but it's painful looking for the correct entry each time rather than having 1Password fill it in automatically.

Is there a recommended approach to this situation?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:multiple mfa for same account

Comments

  • Hi @molusc:

    How you're currently storing the individual two-factor authentication codes is probably your best bet. With that said, I can definitely see how this isn't ideal, so I've shared your thoughts with the team.

    Jack

    ref: IDEA-I-412

  • molusc
    molusc
    Community Member
    Options

    Ok thanks for letting me know @Jack.P_1P

    From my testing it seems it is possible to add multiple OTP fields to a 1Password entry, but there is no way to do autofill for them; it always fills the first one. TBH I'm not even sure that would be the best UX anyway even if it did work

  • You're very welcome @molusc. Feel free to get in touch if there's anything else we can help you with.

    Jack

This discussion has been closed.