Global multi-factor authentication (MFA) methods overview
At the global level, turn on the multi-factor authentication (MFA) methods for use by your organization. By default, all the enabled global MFA methods are available in the default or custom policy. You can then limit which global MFA method to use in a given policy. There must be at least one MFA method turned on globally at any given time.
Set up your global MFA methods before adding resources.
 |
The following table lists the available multi-factor methods and its configuration modes.
MFA method | Configuration mode |
|---|---|
FIDO2 (WebAuthn) * | FIDO2 Devices |
Authentication apps | Login notification Biometric identification Timed passcode from app One-time passcode |
Text Message | Login confirmation link One-time passcode |
Login confirmation link One-time passcode | |
Voice Phone Call | One-time passcode |
Security Questions | Security questions |
PIN | Personal identification number |
YubiKey (non-FIDO2) | OATH HOTP Yubico OTP |
Symantec VIP | Timed passcode |
* Available in the Identity Platform version 20.06.
Next steps
Globally define the MFA methods you want to make available to your end users during the login workflow.