Require Two-Factor Authentication (2FA) from users before granting consent to a service access scope.
Connected and configured service.
To learn more, see Connecting and Configuring Services.
In the target workspace, from the left sidebar, go to Applications > Services > your service > Scopes.
Click Govern Scopes.
Slide the Human Users toggle to On.
Optional. Restrict access by default with a policy for all new scopes.
Select the MFA User policy to apply to all future scopes. This policy will require MFA from users who consent to access those scopes.
Close.
Go to the Scopes section.
Next to the scope you want to restrict with an MFA policy, click the Assign Policy icon under the Users column.
Select the MFA User policy Save your changes.
Result: Users must authenticate with the second factor before granting consent for a client application to access the protected scope.
