Short answer: Leave the Default Authentication Method dropdown blank to avoid potential complications. Alternatively, refer to this article for detailed guidance.
The Default Authentication Method policy is an easy way of preselecting an authentication method for users who log in to integrations that support the Rublon Prompt. This can help speed up the MFA process. However, when it comes to the Rublon Authentication Proxy, the Default Authentication Method policy feels redundant, as the proxy has its own way of configuring available authentication methods. Why would one want to set this policy then?
The benefit of using the Default Authentication Method with the Rublon Authentication Proxy is the automatic Enrollment Email sent if a user has not enrolled a mobile device. Case in point: “push” is configured as the Default Authentication Method and the user does not have the Rublon Authenticator app configured. In such a scenario, they will receive an Enrollment Email during their initial login, allowing them to configure their mobile application. If the Default Authentication Method is not set, an admin must manually send the Enrollment Email.
For testing purposes, we always recommend skipping this option (leaving it blank), as it can lead to unexpected behavior from the user’s perspective.
Here’s an example of when the Default Authentication Method policy will not work:
The Default Authentication Method is set to Mobile Push in the Rublon Admin Console, but the Rublon Authentication Proxy configuration has only “email” in its “auth_method” configuration. In such a scenario, if the user has the mobile app configured, the Auth Proxy will try to authenticate them using Email Link, while the Rublon API will want to use a Mobile Push. This conflict results in access being denied to the user and a “MethodNotAllowedException” being thrown in the Auth Proxy's log file.
To fix the above scenario you can do one of the following:
Remove the Default Authentication Method (leave it blank)
Set the Default Authentication Method to “email”
Change the Rublon Authentication Proxy configuration to use “push,email” as authentication methods.
The takeaway is that the Rublon Authentication Proxy configuration should always reflect the policy in the Admin Console.
Helpful Links
Integrations that support the Rublon Prompt
Rublon Authentication Proxy - Documentation
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article