Greetings. Wondering if the following scenario is possible, and if not, what would be the recommended course of action to take:
Currently, we have our Office 365 and another third-party application protected via Duo. As such, any logins to either application from our “trusted” ip addresses results in the Duo MFA prompt for a split second, then passing the ADFS login through as they are identified to originate from the aforementioned trusted network. Logins from outside our trusted ip addresses still prompt for MFA as expected.
We now have a new vendor and application that we are able to tie into our ADFS login, but this application needs to be prompted for MFA for all logins (note, the vendor has our ip addresses white listed, so no logins are permissible from any other network).
So, is the scenario as described possible without breaking our current configuration with ADFS, or are there other options to consider/implement?
Thanks in advance for any comments/solutions to my query.