We have sso enabled for all users at the moment but we haven't enforced it. Can I have MFA with Google Authenticator showing for the system admins and have SSO enabled for the rest of the team?
When I went to the Settings function and looked at the security settings for the Admin role, it already had 2FA ticked so I’m not sure if it is possible to have a mixture, and how to do it.
Best answer by ConorCunninghamView original
Unfortunately on Personio we cannot choose the employees who we want the SSO to be disabled for. In this case, you can either have it on for all employees or off for all employees.
For more information on this topic, I am providing you with our helpcenter guides below:
I would kindly ask that you submit this feature request via our Ideation Area for future considerations by our Product Team.
If there is anything else you need help with, let me know 😁
Thanks for getting back to me.
I discussed this with our IT security person, who in fact advised that SSO would be the preferred option over MFA and said that even if the system allowed, we shouldn’t go back to MFA for the system admins anyway.
My thought had been to ensure the strongest protection for those with the fuller system access and I thought MFA was the stronger. But since I had it the wrong way round, we don’t need this option anyway so I won’t put it in the ideation area afterall.
I’m happy that the option that I thought I wanted wasn’t available when it wasn’t what I actually needed!
Have a lovely day,