Skip to main content
All CollectionsControl Tests
Test: MFA on Identity Provider
Test: MFA on Identity Provider

Drata uses its synchronized account delegation with your Identity Provider to request a list of all users and determine if MFA is enabled.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the MFA on Accounts control that ensures Multi-Factor Authentication (MFA) is being required for access to any sensitive systems or applications. Drata will verify that in order to log in a user needs to provide their ID, a password, and then either a One-Time Password (OTP) or certificate.

WHAT TO DO IF A TEST FAILS

If Drata finds an identity within your Identity Provider (IdP) that does not have MFA enabled for all users of the application the test will fail. With a failed test you will receive a list of users that do not have MFA enabled on their account.

To remediate a failed test you will have the ability to send email reminders within Drata to each user, reminding them that they need to enable MFA on their account. The emails sent from Drata will direct your employees back to their onboarding tasks in Drata, which include instructions on how to enable MFA.

HELPFUL RESOURCES

Did this answer your question?