per-user authentication method enforcement independent of Entra ID
Danny TREVES
In our environment, we have implemented SSO login via Microsoft Entra ID for DNSFilter.
It would be useful to allow DNSFilter administrators to control authentication methods per user directly within DNSFilter, independently of Entra ID. Specifically, administrators should be able to define whether a user can authenticate:
• only via Entra ID (SSO), or
• only via local, application-specific credentials.
This capability would improve access governance and support scenarios such as break-glass accounts and external users, while maintaining Entra ID SSO as the primary authentication method.
Minetta Gould
Danny TREVES Thanks for the detailed request—the use cases you shared are great examples of why per-user auth controls could be valuable.
One thing to note: today,
Account Owners
will always be able to log in via both SSO and username/password
, which provides built-in “break-glass” access if there’s ever an issue with your IdP. Super Admins
can be configured the same way as long as they’re added before
SSO is enabled with username/password permissions—once SSO is turned on, they’ll also retain access through either method.Appreciate you sharing the broader goal here—it’s helpful context as we evaluate future SSO and access governance improvements.