Questions about the MFA Enablement
Summary:
We have some questions about the MFA Enablement since our customer does not want to test the policy directly in their environment.
Content (required):
Hello, everyone!
We have questions about the seeded sign-on policy enforcing MFA configuration and usage for IDCS, and we were hoping you could shed some light on those, please.
○ When the policy gets enabled, will all users be notified to configure their two-factor authentication or only the non-federated users? We have SSO configured in our environment and the only local users are the ones that need to run EPM Automate or REST API calls.
○ Which users are effectively recommended to have MFA? I understand that only Domain Admins can access/change configuration in IDCS/OCI Console, so should only Domain Admins need MFA enforcement?