Enforce MFA during scope granting
Require Two-Factor Authentication (2FA) from users before granting consent to a service access scope.
Prerequisites
- Connected and configured service. To learn more, see Connecting and Configuring Services.
Enable scope governance for users
- In the target workspace, from the left sidebar, go to Applications > Services > your service > Scopes.
- Click Govern Scopes.
- Slide the Human Users toggle to On.
- Optional. Restrict access by default with a policy for all new scopes. Select the MFA User policy to apply to all future scopes. This policy will require MFA from users who consent to access those scopes.
- Close.
Require MFA from users granting access to scope
- Go to the Scopes section.
- Next to the scope you want to restrict with an MFA policy, click the Assign Policy icon under the Users column.
- Select the MFA User policy.
- Save your changes.
Result: Users must authenticate with the second factor before granting consent for a client application to access the protected scope.