Require MFA prior to accessing SSPR URL

Oscar Goco · ‎Jul 10 2018

Currently, the SSPR verification site is accessible once a user clicks "Can't access your account?". There is nothing restricting viewing/accessing this site.

Is it possible restrict access to this SSPR verification site only after a user is validated by MFA? Customer wants to add a level security so only users that are MFA verified access to the SSPR verification site to enter the validation information needed. They are not concerned with SSPR process, it works fine. They want to minimize spray attacks using verification information.

It is understood, that using verification using txt or call my phone and email address can be used. However, the question is accessing the verification site and not the methods of verification.

If MFA cannot be used, what other combination of methods can be leveraged?

Thanks,

Oscar

Nestori Syynimaa · ‎Jul 11 2018

I'm afraid you can't do that. That's because when someone is accessing the SSPR site, the site doesn't know yet which user is accessing the site.

Steven Collier · ‎Jul 11 2018

Surely to use MFA would need them to know their password in the first place ...

Require MFA prior to accessing SSPR URL

Require MFA prior to accessing SSPR URL

Re: Require MFA prior to accessing SSPR URL

Re: Require MFA prior to accessing SSPR URL

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Require MFA prior to accessing SSPR URL

Require MFA prior to accessing SSPR URL

Re: Require MFA prior to accessing SSPR URL

Re: Require MFA prior to accessing SSPR URL