MFA Server Failover
  • 13 Jan 2023
  • 1 Minute to read
  • Contributors
  • Dark
    Light

MFA Server Failover

  • Dark
    Light

Article summary

If you have more than one MFA server and or a specific order you want your clients to look at the servers, the MFA policy can be used to configure that.


  1. In your MFA Portal, go to your Policies tab.
  2. On the left-hand side, click on View All Policies.
  3. All of your MFA policies will be displayed. Click Edit next to the appropriate one.
  4. In the new pop-up window, go to the Server/Sync tab.
  5. Enable the "Service URL" setting and enter your server sync URL.

Each server sync link must be put on its own line. The software automatically deals with the separation when it passes the registry to your clients.

In the MFA client(s') registry, HKLM\Software\Foray\ ServiceURL key's values, or URLs, will be separated by semicolons ( ; ). This can be manually done as well during a client installation when you have to input the MFA server's URL.

mfa server-failover policy.png

In this example, the failover sync will be attempted 1 minute after the first server does not respond.


Other Related Options

SettingDefinition
Service Timeout (in ms)The amount of time the client will continue to attempt to sync with the server URL
Service Low Bandwidth Timeout (in minutes)The amount of time before the MFA server checks for low-bandwidth service
Failover Check Interval (in minutes)*The amount of time before the MFA server checks for fail-over
Check for Service Long Response SeparatelyWhether or not the MFA server will check for a long server response
*Double-Check Your Values

It's important that the Service Check Interval number, if changed, should always be greater than the Service Timeout setting.


Was this article helpful?