We recently upgraded our plan from Business to Enterprise and configured SAML SSO. To increase security, we also wanted to enable MFA for all users, not just external collaborators. There is only TOTP, which works in parallel.
The concern we want to address is if a user's laptop were stolen and the Smartsheet user already signed in and has signed out their information is saved in their browser, etc. We have customer sensitive information we'd like to protect.
So a bad actor could just click on the 'Sign in with your company account' button and get right into their Smartsheet account. There is no extra layer of protection that MFA would offer.
It would be great if SAML SSO and MFA could work together for our internal users.
On the Azure side we have enabled MFA, but only works with the Azure app we created called Smartsheet SSO, and does not work or trigger a MFA on a browser. MFA only works with mobile phones.
