User Authentication from Different Device Types
Access Management will be configured to detect user authentication from multiple device types within the same authentication session. If multiple authentications are identified, Access Management will force an MFA Challenge. If the MFA Challenge fails on a mobile device, the Enterprise Mobility Management (EMM) application will lock the device as a possible compromised device.
User authentication from both a mobile and non-mobile device within an active authentication session.
– Click for larger image –
- End User is able to access desired applications.
- Access Management enforces MFA as appropriate.
IDSA Security Controls
Authentication based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM).
Enterprise Mobility Management (EMM) device management based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM)