I added Microsoft Entra (fka AzureAD) as a third-party entity provider and users are now able to sign in using this. But users are still prompted for Oracle MFA and we would like to disable that since we already have MFA within Microsoft Entra.
I looked at the sign on policies and we have 3: Default Sign-On Policy, Security Policy for OCI Console and User Category Based Sign-On Policy. I am not clear on which one is used for what, but through process of elimination looking at the sign on rules for each of these, the only one that had a sign on rule with Prompt for an additional factor checked was Security Policy for OCI Console and that had 2 sign on rules called MFA for administrators and MFA for all users. So I assume this is what is used.
So I added a new sign on rule called Microsoft Entra MFA ByPass and selected Microsoft Entra as the Authenticating identity provider and I made sure the Prompt for an additional factor is unchecked. Then I changed the MFA for administrators and MFA for all users sign on rules and added Username-password as the Authenticating identity provider for those. Then I changed the priority and made the Microsoft Entra MFA ByPass sign on rule the first.
I expected this to cause anyone authenticating through Entra to not be prompted for Oracle MFA while folks authenticating through Oracle username / pwd to still be prompted for Oracle MFA. The result is no change, everyone is still prompted for Oracle MFA.
Any idea?