Multi-factor authentication

Multi-factor authentication (MFA) is an access control method where multiple, separate pieces of evidence are required for identification before access is granted. Typically at least two of the following categories must be satisfied for MFA: knowledge (something they know), possession (something they have), and inherence (something they are). Using two different components to confirm identity is known as two-factor authentication (2FA).

You can create and apply MFA policies for administrative users (admins) of the Enterprise Application Access (EAA) Management Portal as well as non-admin users of the applications.

The MFA policy, with the MFA factors configured in the identity provider (IdP), is a global setting. By default, it is inherited by all applications and directories associated with the IdP. The global IdP MFA settings can be overridden for each application. By default, the directory MFA settings inherit the application MFA settings, and the application MFA settings can be overridden for each directory. If the administrator has enabled generating recovery codes in the identity provider, users can use a recovery code as an alternative to 2FA, after the organization validates the authenticity of the user.
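
The inheritance order described above, as an added example (not Akamai's code or the EAA API): it resolves the policy in force for each application and directory and lists overrides that weaken the IdP's global setting. The class names, factor names and sample configuration are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical data model for illustration; not the EAA API or its field names.
@dataclass(frozen=True)
class MfaPolicy:
    enabled: bool
    factors: frozenset = frozenset()   # constructed factor names, e.g. "sms"

@dataclass
class App:
    name: str
    override: Optional[MfaPolicy] = None                      # None = inherit IdP global
    directory_overrides: dict = field(default_factory=dict)   # directory name -> MfaPolicy

def effective_policy(idp_global, app, directory):
    """Resolve the policy in force: directory override, else app override, else IdP."""
    if directory in app.directory_overrides:
        return app.directory_overrides[directory], "directory"
    if app.override is not None:
        return app.override, "application"
    return idp_global, "idp"

def audit_overrides(idp_global, apps, directories):
    """Report overrides that turn MFA off or allow factors the global policy lacks."""
    findings = []
    for app in apps:
        for directory in directories:
            policy, source = effective_policy(idp_global, app, directory)
            if source == "idp":
                continue  # inherited unchanged, nothing to review
            if idp_global.enabled and not policy.enabled:
                findings.append((app.name, directory, source, "MFA disabled"))
            elif policy.factors - idp_global.factors:
                extra = ",".join(sorted(policy.factors - idp_global.factors))
                findings.append((app.name, directory, source, "extra factors: " + extra))
    return findings

# Constructed sample configuration.
IDP_GLOBAL = MfaPolicy(True, frozenset({"totp", "sms"}))
APPS = [
    App("wiki"),
    App("payroll", override=MfaPolicy(True, frozenset({"totp"}))),
    App("crm", override=MfaPolicy(True, frozenset({"email"})),
        directory_overrides={"contractors": MfaPolicy(False)}),
]
DIRECTORIES = ["employees", "contractors"]

if __name__ == "__main__":
    for finding in audit_overrides(IDP_GLOBAL, APPS, DIRECTORIES):
        print(finding)
```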

If you have enabled MFA for accessing EAA applications and SMS is the registered MFA scheme, an SMS message is sent at the time of registration and when you receive an OTP code for authentication.

A sample SMS sent during registration:

Phone verification code from <Company name>: <OTP code> This SMS may incur charges from your telephone operator.

A sample SMS sent as OTP at the time of authentication:

Access code from <Company name>: <OTP code> This SMS may incur charges from your telephone operator.