How does Push detect MFA registration?

Push is able to detect whether an employee is registered for multi-factor authentication (MFA) and which MFA methods they use.

Push uses two approaches to detect MFA status:

  • For identity providers integrated with Push, we use the established API integration to check for MFA on the integrated platform (e.g. Google Workspace, Microsoft 365, or Okta).

  • For apps that an employee logs in to, the Push browser extension uses that employee's existing user session to make an API call to the app and check the security settings of their account.

If Push does not support MFA detection for an app, you’ll see “MFA detection not supported for this app” when viewing the account slideout. You can export the data from the Accounts page to see, for all your observed accounts, where MFA is enabled, disabled (e.g. user is not registered for MFA), not yet observed, or not supported.

Note that Push will only raise a security finding of MFA not registered when the extension also observes a password login for an app. If an employee is accessing an app using OIDC or SAML, an MFA finding is not raised.

If you do find a password login (or any other login type) that you believe is incorrect, you can remove it from the Push admin console. Refer to this help article for instructions.