In general, I would like every access to Segura to be secured with MFA. For local users and those synced with AD/LDAP, I believe the best option is to enforce “Force multi-factor authentication for all users” under “Security Policies and Network.”
I usually configure an additional SSO/OIDC provider as another authentication provider. Now, users can log in with either their local username and password or through OIDC.
When logging in with OIDC, users receive two MFA prompts (one from Segura and hopefully one from the OIDC provider).
Is there a way to mark some external auth sources as “trusted” (as in “i trust my auth provider to enforce MFA”), so the local MFA prompt is skipped during login?
I do know that other solutions usually provide such an option, but sadly, I have not found a comparable setting in Segura yet.
Thanks!