Cloudflare Access independent MFA #29681
asamborski wants to merge 3 commits into cloudflare:production from
initial commit, missing the bulk of doc update
|
|
||
| </TabItem> <TabItem label="API"> | ||
|
|
||
| Send a `PUT` request to update your Access organization settings with MFA configuration: |
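Review bot: the "Send a `PUT` request to update your Access organization settings" sentence in the API tab does not say whether the request body must carry the organization's existing settings alongside the MFA configuration. If this PUT replaces the whole organization object, a reader who sends only the MFA fields could overwrite unrelated Access settings. Suggest adding a sentence that tells the reader to retrieve the current organization settings first and include them in the body, or documenting a partial-update method if one is supported.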
Should be PATCH? We support PUT but that means sending all existing values too
I don't see a PATCH option in the API docs, only PUT: https://developers.cloudflare.com/api/resources/zero_trust/subresources/organizations/methods/update
Do we support PATCH?
src/content/docs/cloudflare-one/access-controls/access-settings/independent-mfa.mdx
| 4. **[Global session](#global-session-duration)** — Controls how often the user must log in to the IdP across all applications. | ||
|
|
||
| :::note | ||
| If you use [independent MFA](/cloudflare-one/access-controls/access-settings/independent-mfa/), the MFA session duration is managed separately from the sessions listed above. A user can have a valid application session but still be prompted for MFA if their MFA session has expired. For more information, refer to [MFA session duration](/cloudflare-one/access-controls/policies/mfa-requirements/#mfa-session-duration). |
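Review bot: in the `:::note`, "still be prompted for MFA if their MFA session has expired" does not say when the prompt fires: during the active application session, on the next request to the same application, or only when the user opens a different application. Suggest stating the trigger explicitly and confirming it against actual behaviour, since this sentence sets the reader's expectation of how long access continues after the MFA session expires.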
I don't think this is accurate.
Application sessions (or policy session durations) always last however long they're defined. If MFA expires while an app session is active, the user can still access the app. They're not prompted for MFA until they go to a different app.
I don't think it applies mid session, but if you try to access the application again from another tab, wouldn't MFA fire?
superseded by #29713
Summary
Cloudflare Access supports independent multi-factor authentication (MFA), allowing you to enforce MFA requirements without relying on your identity provider (IdP). This feature addresses common gaps in IdP-based MFA, such as inconsistent MFA policies across different identity providers or the need for additional security layers beyond what the IdP provides.