Enable a global multifactor authentication policy for Login Portal users

You can enable multifactor authentication (MFA) for non-admin application users. This requires users who log in to the portal to use their standard login credentials and at least one other MFA verification factor, such as email, SMS, or a time-based one-time password (TOTP) authentication token, every time they log in. The MFA policy is configured in EAA through the identity provider (IdP) settings and may be set for all users, which is known as a global MFA policy. A global MFA policy is inherited by all applications and directories associated with this identity provider.

If you have configured the IdP login portal to support a primary language other than English, the MFA is received in that language.

To enable multifactor authentication for all application users, use this procedure.

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, select Identity > Identity Providers.
  3. Click the Configure Identity Provider icon on the identity provider.
  4. Click the Multifactor tab.
  5. Select the IdP MFA Policy checkbox and the MFA factors to apply, such as email, SMS, TOTP, or Duo.
  6. To save the changes, click Save and exit or Save and go to Advanced Settings.

Next steps

For the changes to take effect, deploy the identity provider.