What is a one sentence summary of your feature request?
We would like options for automatically setting a preferred MFA for new users.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
When using an AD Group reference (in Users & Groups) the Group level Authentication Connector can be set to a specific auth type but the individual members under that Group still have the default “Internal MFA”. Before these users can sign in as needed (with our required MFA) you must go set the auth connector at the user level. In our case the AD Group reference is used due to the high turnover rate of these users and so rather than work tickets for these new users, I’d like the ability to set the default Auth Connector type for either the entire environment (which would be ideal for us) or a toggle switch at the Group level that would force the contained users to the auth type of the Group. If setting the preferred MFA at the environment level, I’m imaging the need for one or more accounts to be excluded from our preferred Authentication type as a break-glass. Perhaps that could be done at the Configuration | Authentication page where we have our MFA setup.
How do you currently solve the challenges you have by not having this feature?
Without this option we’ll have to continue to work tickets for all new users, in order to simply log in and set the preferred auth mfa type.