How to enable MFA for SSO
Connections to SaaS applications for the SSO feature are considered as server connections in UserLock. Therefore, in order to activate the MFA for these connections, you need to enable "Server Connections" in the MFA section of the Protected Account.
To do this, open the properties of the Protected Account, and scroll down to "Multi-Factor Authentication" section, and select "Enable". Next, click on the tab "Server Connections", and select from the drop down menu the connection types to servers for which you wish to activate the MFA. Then ,choose the frequency for prompting users.
If users are not yet enrolled in MFA, they will be prompted to enroll at their next connection to a SaaS application configured in UserLock SSO.
How to enable MFA for SSO
Once you've configured SSO for your applications as explained here, you can apply MFA to these connections with a protected account for a user, group or OU.
To do this, open the properties of the Protected Account, and scroll down to "Multi-Factor Authentication" section, and select "Enable" from the first drop-down list (this will activate MFA for this account), then in the "Connections" tab choose "By session type". On the "SaaS" line, define the type of connection and the frequency of the MFA request, then validate with "Apply".
If users are not yet enrolled in MFA, they will be prompted to enroll at their next connection to a SaaS application configured in UserLock SSO.