Access - AAGUID restrictions and AMR matching for Access independent MFA
2mo ago
Source
CloudflareAccess - AAGUID restrictions and AMR matching for Access independent MFAcloudflare.comIndependent MFA in Cloudflare Access now supports two additional organization-level controls: Restrict authenticators by AAGUID — Limit enrollment to a specific set of WebAuthn authenticators using their AAGUID . This is useful for organizations that require FIPS-validated security keys or company-issued hardware. AAGUIDs are managed through a new List type. AMR matching — Skip the independent MFA prompt when the identity provider has already performed an equivalent MFA. Access reads the amr claim defined in RFC 8176 and matches supported values such as hwk , otp , and fpt to the authenticator types allowed on the application or policy. This prevents users from having to complete MFA twice when their identity provider already enforces it. To get started, refer to Independent MFA .
You might also wanna read
Authentication Reference Implementation for Cloudflare Workers with PBKDF2, JWT Sessions, and NIST Compliance
This article presents a comprehensive authentication reference implementation for Cloudflare Workers that serves as an educational resource
Cloudflare launches temporary accounts for AI agents to bypass human signup flows
Cloudflare is launching Temporary Accounts for AI agents, allowing them to deploy websites, APIs, and other agents instantly without going t
Cloudflare launches temporary accounts for AI agents to bypass human signup flows
Cloudflare is launching Temporary Accounts for AI agents, allowing them to deploy websites, APIs, and other agents instantly without going t

Comments
Sign in to join the conversation.
No comments yet. Be the first.