External SSO identity providers (such as Entra ID) can authenticate their users using two-factor authentication (2FA). However, the visibility of 2FA usage varies between providers, and there is no way to enforce 2FA usage on external SSO providers through Visma Connect IdP.
When Visma Connect IdP receives a claim from an external IdP indicating that 2FA was used, this information is passed on to applications via the amr claim in the ID Token. The amr claim will contain the value mfa when 2FA has been applied.
At present, 2FA usage is visible only for the following external SSO identity providers:
Entra ID
Okta (coming soon)