Session Abstract: Authenticating with only a username and password is weak. Zero trust guidance says to use multifactor authentication (MFA). However, not all MFA is equal: one-time codes and push approvals can be relayed through a phishing proxy, whereas phishing-resistant MFA (FIDO2/WebAuthn, PIV/smart cards) binds the credential to the legitimate origin and so holds up against sophisticated attacks. Our task was therefore to move applications from username/password to phishing-resistant MFA.
In this session we will walk through the journey of integrating custom applications with an identity provider (IdP) to obtain MFA. The customer environment already had a working IdP that supported the standard federation protocols: SAML, OAuth, OpenID Connect, and WS-Fed. The challenge came from custom applications that did not natively support any of these protocols. Secondly, the developers were not keen on writing new authentication code, since the development team was focused on the applications' functional programming. Thirdly, the developers were not familiar with SAML, OAuth, or OpenID Connect. Finally, time to deliver a working solution was constrained, so having developers write new authentication modules was not an option.
Our IAM team took on the role of system integrator and integrated these custom applications with the IdP using SAML. This presentation will show each step of that journey.