Skip to main content

Global multi-factor authentication (MFA) methods overview

At the global level, turn on the multi-factor authentication (MFA) methods for use by your organization. By default, all the enabled global MFA methods are available in the default or custom policy. You can then limit which global MFA method to use in a given policy. There must be at least one MFA method turned on globally at any given time.

Set up your global MFA methods before adding resources.


The following table lists the available multi-factor methods and its configuration modes.

MFA method

Configuration mode

FIDO2 (WebAuthn) *

FIDO2 Devices

Authentication apps

Login notification

Biometric identification

Timed passcode from app

One-time passcode

Text Message

Login confirmation link

One-time passcode


Login confirmation link

One-time passcode

Voice Phone Call

One-time passcode

Security Questions

Security questions


Personal identification number

YubiKey (non-FIDO2)


Yubico OTP

Symantec VIP

Timed passcode

* Available in the Identity Platform version 20.06.

Next steps

Globally define the MFA methods you want to make available to your end users during the login workflow.