Configure end-user's device to receive MFA tokens

Set up MFA to receive tokens on end-users device

After the end-user logs in to the IdP Login portal with his credentials, they will be prompted to set up MFA on their device to receive the tokens, if the admin has configured any of the MFA factors at the global level (for the identity provider) or at a per-app level (for a particular app or a selection of applications).

When the administrator enables MFA, the end-user sees the Account Settings page. All of the different MFA methods for receiving the authentication tokens are shown. The end-user can select the MFA method and follow the on-screen guidance to set up and verify the MFA method.

end user options for mfa methodsend user options for mfa methods

For verification using Akamai MFA, see Self enroll in Akamai MFA

For verification using DUO, see Managing your devices

For verification using a third-party authenticator like Google Authenticator, see Get verification codes with Google Authenticator, select APP and follow the on-screen guidance.

Note: Make sure the user's device is not in Do not disturb mode. This prevents the user from receiving authentication text messages or pop-up notifications.

For verification by email, select EMAIL, enter the email address, click NEXT, enter the authentication code sent to the email, and click NEXT. End-user sees a VERIFIED message that the email has been verified. Then click EXIT.

For verification by SMS or text message, select TEXT, enter the mobile phone number where the authentication code can be received, and click NEXT. End-user enters the Authentication code they receive, see a VERIFIED message, and click EXIT.

After the MFA methods are verified, they will see a Verified check mark next to it.

If only one MFA method is selected, that will be the primary method after verifying it.

If MFA methods are verified, the end-user can select any of their preferred MFA method to be the primary method before exiting the setup.

For example, here TEXT, Akamai MFA, and EMAIL have been verified by the end-user. And TEXT is the primary method to receive authentication codes:

mfa_methods_make_primarymfa_methods_make_primary

If the end-user wishes to make Akamai MFA the primary MFA method, he selects it, and clicks Make primary and click EXIT. Then, Akamai MFA moves to the top and becomes the primary method to receive authentication tokens.

mfa_methods_make_primarymfa_methods_make_primary

After the MFA method a verified, the next time they log in to the login portal, after successful multi-factor authentication, end-users can access the My Apps portal.