Enable or disable multi-factor authentication (MFA) for each directory on an application or for some groups within the directory. By default, the directory inherits the MFA settings from the application. You can override this in the directory MFA settings.

1. Log in to the EAA Management Portal.
2. From the top menu bar, click Applications.
3. Click Settings > AUTHENTICATION.
4. Click Directory MFA settings on the directory card you want to configure. The Settings dialog appears. Select one of the choices for MFA configuration:
   • Enable. If you want all users in this directory to be prompted for MFA before accessing this application.
   • Disable. If you want all users in this directory to not be prompted for MFA before accessing this application. All other applications under the IdP will keep the same MFA settings.
   • Use Application Setting (Default) The MFA settings of the application will be applied to this directory.
   • Enable for specific Groups. Use this option if you want users belonging to specific groups in the directory to have MFA.

   

   All groups appear in the dialog box. You can filter for the groups you want using the entering few characters of the groups name and clicking Search. Select the groups you want MFA and click Save.To apply MFA to all groups, click Select all and click Save. To make changes or deselect all, click Select none.

   For example, you have three groups, engineers, guests, and remote desktop users group within this directory. The admin has allowed MFA for only the engineers group. The guests and remote desktop users will not be prompted for MFA although they belong to the same directory.

   

5. Click Save on the dialog.
6. Click Save and exit.