I’m currently in the process of restructuring our entire MFA deployment model at my company ~600 crew members. We’re using AD groups for authentication and using a SSO Application to apply and enforce MFA policies to those groups, and free Google Auth mobile app and physical YubiKey for the auth method.
For the most part we’ve gotten everyone enrolled, but there are a handful of union workers and contractors who believe if the company is requiring MFA, we should supply them with mobile devices with the required MFA app installed. They refuse to download Google Auth to their personal devices.
I was wondering how you guys deploy MFA to groups who don’t want to install them on their personal phones? YubiKeys are an option, but with the amount of contractors and union members the cost would be a lot and my CTO wants to seek other options. I did hear that one of the reasons why is the distrust of Google? Duo Auth is an option in our SSO.
What do you guys think?