View Source

When a web application is secured by the DualShield IIS Agent with MFA, the agent adds an extra layer of authentication process over the web applications's own form-based authentication. Without the Single Sign-On or Auto Logon, users will be firstly authenticated by both the DualShield SSO, then by the web application's orginal logon process which is usually the user's AD credential verification.

You have 2 options:

Configure DualShield SSO to verifiy the 2nd factor only, e.g. one-time password etc, and keep the application's orginal logon process which will verify the user's AD credentials. In this option. you do not need to enable Single Sign-On or Auto Logon.
Configure DualShield SSO to verifiy both the 2nd factor and the 1st factor. In this option. you will need to enable Single Sign-On or Auto Logon.

From the security point of view, both options have no difference.

From the user experience point of view. option 2 will deliver a more coherent user experience.

DualShield MFA Platform > Single Sign-On for IIS Applications > image2021-5-3_14-9-9.png