 IBM Verify Identity Access : Implement TOTP MFA as part of SAML2 authentication

Someswara Reddy Karem posted Mon March 31, 2025 12:53 PM

Dear Community team,

I configured IBM Verify Identity Access 11 to implement a SAML2 IdP, and it is working as expected. The user is able to log in (pkmslogin.form) and the SAML assertion is POSTed to the ACS URL.
However, we have a requirement to implement TOTP MFA as part of the SAML2 authentication. I added an Access Policy (var promptTOTP = true;), enabled the access policy in the Federation as well, and set handler.setRedirectUri as below, but it is not working.

    // Access policy snippet from the original post, joined onto one line
    handler.setRedirectUri("/sps/authsvc/policy/totp?Target=https://iviaproxy.poc.com/isam@ACTION@");

Is there a cookbook with the exact steps to enable MFA for a SAML2 integration?
It would be appreciated if you could provide guidance/steps on implementing MFA for SAML2.

Thank you!
SK
JACK YARBOROUGH

Someswara,

In IVIA 11.0.0.0 the traditional TOTP is disabled by default and you need to use a policy that has the 'OTP Enrollment' authentication mechanism configured.

Please try this and confirm whether it resolves your issue.

Someswara Reddy Karem

It is working as expected when I add the OTP enrolment step to the authentication policy. Thanks for your support.