This article reviews managing Multi-Factor Authentication Method Enrollments for Users.
MFA Method Initial Configuration
When Multi-Factor Authentication is enabled, Users will be prompted to set up an MFA Method upon their first log in. The 'Set Up Authentication' process will walk the User through picking an Authentication Method and the configuration steps for it.
The available Authentication Methods are defined by the administrator for the User's organization and can include the following options:
- Authenticator App
- Text/SMS
- Phone
The first MFA Method configured will be set as the User's default method and will be automatically used when the User is prompted to authenticate their login. After an MFA Method has been configured, the User can view, update, add, or remove their MFA Method Enrollments on their User Record.
When more than one MFA Method is conjured, the User can manually select another option if they are unable to authenticate with the default option.
Updating MFA Method Enrollments
Navigation
Users can access their User Record by hovering over their name on the left side of the top navigation ribbon, then selecting 'User Info'
MFA Enrollment Methods are found on the 'Security' tab.
Adding Methods
To add additional Authentication Methods, click '+ Add Method', then follow the prompts to configure the desired Authentication Method.
If more than one Authentication Method is configured, the User will be prompted to select a method each time they authenticate their login.
Default Method
The MFA Method configured as the 'Default' will always be automatically used when the User is prompted to authenticate their login. All other methods will require that the User manually select them to send an authentication request.
To change the default method, click 'Set Default' for the desired method.
Removing Methods
To remove a configured method, click the trash can icon for the associated method.
If the 'Default' method is removed, the top method listed will be automatically set as the 'Default'. If all methods are removed, the User will be prompted to configure an MFA Method on their next login.