Comment by MBCook

I need to use SSO with MFA for something. So I sign in.

Every once in a while, the token attached to that somehow expires. Which means that once I have successfully signed in (but before doing MFA) I am redirected to a DIFFERENT SSO system.

I get to login to that and enter its MFA code.

Having now completed all security requirements. I get to enter the MFA code for the original SSO.

Double SSO. Double MFA.

Boy don’t we feel secure.