Issue:
When a user tries to access Elements Exposure Management related pages in the Elements Security Center portal, they get the errors:
This operation is forbidden - Please contact your EntraID administrator to perform this operation.
The organization you're trying to sign in requires two factor authentication. Go to Account settings to enable two factor authentication.
Resolution:
Currently there is an issue with Multi-factor authentication (MFA) settings for new users which have been created after taking SSO (Single-Sign On) federation into use. Elements Exposure Management pages in the Elements portal have MFA requirement set on the portal level, but SSO users have the MFA simply included with the SSO. This means that MFA is shown to be disabled for the user on the portal level and therefore user cannot access Elements Exposure Management pages which require MFA.
SSO federation users cannot modify account settings from the My settings page in the Elements portal, which means that they cannot enable MFA on the portal level.
Currently the only workaround is to temporarily disable SSO federation for the domain from Management > Organization settings > Security administrators > SSO Federation. The user can then log in to enable portal level MFA. After MFA has been enabled, SSO federation can be re-enabled and then the user should be able to access Elements Exposure Management related pages in the portal.
Article no: 000046327