View MFA Misconfigurations

1. To navigate to the Identity Security dashboard, select Posture SecurityIdentity.
2. View the information for MFA.

   The dashboard displays information about MFA misconfigurations that the Identity Security component detected from the Identity Provider shown. If more than one identity provider instance is connected to SSPM, you can select a different Identity Provider from the list. You can also Add Provider to onboard a different Microsoft Azure or Okta instance.

3. Inspect the information displayed in the upper section of the dashboard for a high-level summary of the problems that the Identity Security component detected in your MFA implementation. The top section of the dashboard displays the following information.

   MFA Enrollment Issues

   Displayed Information	Description
   Users with no MFA	The number of users who are not enrolled in any additional factors for MFA. If MFA enforcement policies are not configured for the identify provider, these users can access SaaS applications through the identity provider by using only one factor. If those credentials are compromised, there is no additional layer of security to prevent unauthorized access to their account. These users should enroll in a strong second factor for MFA.
   Users with weak MFA	The number of users who are enrolled in one or more additional factors for MFA, but whose factors are not resistant to phishing, social engineering, or interception attacks. The weak MFA factors include factors such as email verification and short message service (SMS) verification. Weak second factors offer less protection than stronger factors, such as biometric login or a hardware key. If MFA enforcement policies on the identity provider are not configured to prevent sign-ins using only weak factors, then the account can be more easily compromised. These users should enroll in a strong second factor for MFA.

   MFA Sign-In Issues

   Displayed Information	Description
   Sign-ins with weak MFA	The number users who signed into SaaS applications by using only weak factors, which are not resistant to phishing, social engineering, or interception attacks. Although the users might have registered a strong second factor, such as biometric login or a hardware key, they used only a weak factors factors, such as email verification and short message service (SMS) verification, to sign in. Administrators should create or modify policies in the identity provider to require these users to sign in using a strong second factor for MFA.
   MFA misconfigurations by SaaS Application	The number of sign-ins with no MFA or weak MFA, organized by SaaS application.

4. Navigate to the User Details and MFA Configurations tab, which displays MFA information for each user managed by the identity provider. The displayed information includes the user's group memberships, enabled MFA types, and time since the user's last password change.

   To filter this table to show only users with particular MFA enrollment or sign-in issues, click any of the misconfiguration counts displayed in the upper section of the page, such as the number of users or administrators with no MFA or with weak MFA.

   In the table, you can also Add Filter to filter the table by user attributes, such as the MFA types enabled and the MFA strength.

   To export a CSV file with a list of the incidents, Download Report. The report will contain all users unless you applied a filter to the table.
5. To view more information about a particular user's sign-in activities, navigate to the User Sign-in Activities tab and View Activity Log.
6. Take action on MFA misconfigurations. Have users enroll in the strong second factors that your organization requires, and create or modify policies to close any MFA enforcement gaps.