How to allows forced MFA when users connect to an specifis app

Question

I configured my vpn ssl on fortigate to authenticate with Azure AD. I create an conditional access to required MFA. But when user try to connect some days after the application don’t ask for login passWord or MFA.

I want to force every connexion of this application to require MFA.

Can you help me please.

I try to reduce sign in frequency to one hour but it don’t work

Answer 1

How to allows forced MFA when users connect to an specifis app.html

I have created sample web application with Azure Ad Authentication.

Azure Identity

You can add below code in your application configuration to force the login screen for every login.

Web Config file

<authentication mode="Forms">
     <forms cookieless="UseCookies" defaultUrl="HomePage.aspx"
    loginUrl="UnAuthorized.aspx" protection="All" timeout="30">
          </forms>
</authentication>

Startup.Cs

    protected void Login1_Authenticate(object sender,AuthenticateEventArgs e)
    {
     if (Membership.ValidateUser(Login1.UserName, Login1.Password) == true)
        {
            Login1.Visible = true;
            Session["user"] = User.Identity.Name;
            FormsAuthentication.RedirectFromLoginPage(Login1.UserName, true);
        }
     else
        {
            Response.Write("Invalid Login");
        }
    }

You can achieve this by creating a custom Conditional Access policy to require MFA for the specific application.

Portal Configuration:

And configure the sign-in frequency in the Conditional Access policy to require MFA for every connection.

Login Page:

Reference: Preventing Open Redirection