View MFA Misconfigurations

To navigate to the Identity Security dashboard, select
Posture Security
Identity
.
The dashboard displays information about MFA misconfigurations that the Identity Security component detected from the
Identity Provider
shown. If more than one identity provider instance is connected to SSPM, you can select a different
Identity Provider
from the list. You can also
Add Provider
to onboard a different Microsoft Azure or Okta instance.
Inspect the information displayed in the upper section of the dashboard for a high-level summary of the problems that the Identity Security component detected in your MFA implementation. The top section of the dashboard displays the following information.
MFA Enrollment Issues
Displayed Information	Description
Users with no MFA	The number of users who are not enrolled in any additional factors for MFA. If MFA enforcement policies are not configured for the identify provider, these users can access SaaS applications through the identity provider by using only one factor. If those credentials are compromised, there is no additional layer of security to prevent unauthorized access to their account. These users should enroll in a strong second factor for MFA.
Users with weak MFA	The number of users who are enrolled in one or more additional factors for MFA, but whose factors are not resistant to phishing, social engineering, or interception attacks. The weak MFA factors include factors such as email verification and short message service (SMS) verification. Weak second factors offer less protection than stronger factors, such as biometric login or a hardware key. If MFA enforcement policies on the identity provider are not configured to prevent sign-ins using only weak factors, then the account can be more easily compromised. These users should enroll in a strong second factor for MFA.
MFA Sign-In Issues
Displayed Information	Description
Sign-ins with weak MFA	The number users who signed into SaaS applications by using only weak factors, which are not resistant to phishing, social engineering, or interception attacks. Although the users might have registered a strong second factor, such as biometric login or a hardware key, they used only a weak factors factors, such as email verification and short message service (SMS) verification, to sign in. Administrators should create or modify policies in the identity provider to require these users to sign in using a strong second factor for MFA.
MFA misconfigurations by SaaS Application	The number of sign-ins with no MFA or weak MFA, organized by SaaS application.
Navigate to the
User Details and MFA Configurations
tab, which displays MFA information for each user managed by the identity provider. The displayed information includes the user's group memberships, enabled MFA types, and time since the user's last password change.
To filter this table to show only users with particular MFA enrollment or sign-in issues, click any of the misconfiguration counts displayed in the upper section of the page, such as the number of users or administrators with no MFA or with weak MFA.
In the table, you can also
Add Filter
to filter the table by user attributes, such as the MFA types enabled and the MFA strength.
To export a CSV file with a list of the incidents,
Download Report
. The report will contain all users unless you applied a filter to the table.
To view more information about a particular user's sign-in activities, navigate to the
User Sign-in Activities
tab and
View Activity Log
.
Take action on MFA misconfigurations. Have users enroll in the strong second factors that your organization requires, and create or modify policies to close any MFA enforcement gaps.