How does Push detect MFA registration?
Push is able to detect whether an employee is registered for multi-factor authentication (MFA) and which MFA methods they use.
Push uses two approaches to detect MFA status:
For identity providers integrated with Push, we use the established API integration to check for MFA on the integrated platform (e.g. Google Workspace, Microsoft 365, or Okta).
For apps that an employee logs in to, the Push browser extension uses the existing user session of that employee to do an API call to the app and check the security settings of their account.
To see which apps Push supports MFA detection for, go to the Supported SaaS page.
Note that Push will only raise a security finding of MFA not registered when the extension also observes a password login for an app. If an employee is accessing an app using OIDC or SAML, an MFA finding would not be raised.
If you do find a password login (or any other login type) that you believe is incorrect, you can remove it from the Push admin console. Refer to this help article for instructions.