Skip to main content

Global multi-factor authentication (MFA) methods overview

At the global level, turn on the multi-factor authentication (MFA) methods for use by your organization. You'll want to enable those MFA methods before setting up authentication policies and the user login experience.

By default, all enabled MFA methods are available in the default and custom policies. When you set up the authentication policy, select the MFA methods you want make available to end users for authentication.


The following table lists the available multi-factor methods and its configuration modes.

MFA method

Configuration mode

FIDO2 (WebAuthn)

FIDO2 Devices

Authentication apps

Timed passcode from app

One-time passcode

Biometric identification

Login notification

Text Message

Login confirmation link

One-time passcode


Login confirmation link

One-time passcode

Voice Phone Call

One-time passcode

Security Questions

Security questions


Personal identification number

YubiKey (non-FIDO2)

Yubico OTP


Symantec VIP

Timed passcode