In the SecureAuth® Identity Platform, you can globally define which multi-factor authentication (MFA) methods are available for users to select and use for authentication. By default, all policies are configured to use all enabled methods, however, you can limit which multi-factor method to use in a given policy.  There must be at least one multi-factor method enabled globally at any given time. 

It is highly recommended that you set up your global MFA methods before adding applications. 

The following table lists the available multi-factor methods (with its configuration modes) and whether they are enabled or disabled by default out-of-the box. 

MethodDefaultConfiguration ModesDefault
YubiKeyEnabledYubico OTPEnabled
EnabledOATH HOTPDisabled
Authentication AppsEnabledTimed passcode from appAlways Enabled
EnabledLogin notificationEnabled
EnabledBiometric identificationDisabled
EnabledOne-time passcodeDisabled
Text MessageEnabledLogin confirmation linkEnabled
EnabledOne-time passcodeDisabled
EmailEnabledLogin confirmation linkEnabled
EnabledOne-time passcodeDisabled
Voice Phone CallDisabledOne-time passcodeAlways Enabled
Security QuestionsDisabledSecurity questionsAlways Enabled
PINDisabledPersonal identification numberAlways Enabled
Symantec VIPDisabledTimed passcodeAlways Enabled

Next steps

To globally define a multi-factor method setting, see the following topics.