Limit MFA device types for the datasource MFA option

Hello,

We have enrolled Yubikey as an MFA factor on the datasource and that works great.
But is there an option to prevent users from using DUO and TOTP as a datasource MFA option?
I know this might be a strange feature, but our company policy for now is only allowing the usage of Yubikey.
And we also require Yubikey for access to our customers' Office 365 tenants from a hardening perspective.

Best regards

John

All Comments (3)

Hello,

Setting the Yubikey MFA in File - My Account Settings - Data Source MFA is possible.





Then, to enforce MFA on the user's data source, enable the Force data source multi-factor configuration option in Administration - System Settings - Security Settings.



Finally, in Administration - System Settings - Applications, you can select which event to disconnect the data source from to prompt for MFA.



Let us know if that helps.

Best regards,

Érica Poirier

Hello Érica,

Thank you for your response. We have already followed these steps to enroll Yubikey, but I am searching for an option to prevent the usage of TOTP and DUO as a 2nd factor.
Or an option for the administrators of RDM so they can not only see that MFA is enrolled for a user, but also which types.
More or less how Microsoft can show the registered MFA options on a user basis.

Kind regards

John

Hello John,

Thank you for your response.

If you use a SQL data source, it's impossible to prevent Duo or TOTP usage. If you want to enforce the Yubikey, I recommend you migrate to a Devolutions Server (DVLS) data source. With DVLS, we can specifically enable which MFA is allowed when authenticating to the data source.
https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/two-factor/
https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/conditional-access-policies/

Let me know if you have any more questions.

Best regards,

Érica Poirier