New Feature: Verified Stolen Credential Detection

Push Help Center
Ready to help
Help for administrators
Help for admins
Help for employees
Help for employees
Help for administrators
/
Browser extension

How does MFA enforcement work?

In this section:

Using Push’s MFA enforcement control, you can prompt end-users to register for MFA on apps where they lack it.

When an employee’s browser is enrolled in Push, the Push browser extension uses their active session to check whether they’re registered for MFA. If they’re not registered, the user will see an in-browser banner instructing them to sign up for MFA.

MFA enforcement configuration slideout - KB 10121

How it works

As soon as the Push extension observes an active session on an app where MFA enforcement is applied, it uses the logged-in user’s existing session to query the app’s API and check their MFA registration status.

If the employee is not registered for MFA, the extension displays an in-browser banner message. The message and button text are customizable by a Push administrator.

Note: For apps that Push has just observed (such as new signups to apps), the MFA enforcement banner will only display after several minutes. This is designed to avoid blocking users who haven't yet had a chance to add MFA to a new app.

MFA enforcement banner - KB 10121

Once the banner is triggered, the extension then checks for the employee’s MFA status every 5 seconds. Once the extension detects that MFA registration is complete, the banner disappears.

If the employee closes the banner, they won’t see it again for at least 12 hours, or whenever they next use the app.

If an app supplies a distinct MFA registration page, the banner button will take the user directly there to complete the process.

Note: When enabled, this control will enforce MFA registration across all tenants (instances) of the selected app. This means you can enforce MFA even on test or unmanaged tenants.

Supported apps

You can see the list of supported apps when configuring the control in the admin console. Check the MFA not used column of the app selection slideout to see where Push has identified missing MFA on accounts in your environment.

MFA enforcement slideout - MFA not used column - KB 10121

Markdown for styling custom message

The custom message field supports link and email syntax using markdown, but no other formatting.

Example markdown:

  • [Push Security](https://pushsecurity.com)
  • [Steph](mailto:steph@ctrlaltsecure.com)

Need more help?
Questions, feedback, tech support, sales support - anything you need.
We’ll get back to you within a day.