After the end-user logs in to the IdP Login portal with his credentials, they will be prompted to set up MFA on their device to receive the tokens, if the admin has configured any of the MFA factors at the global level (for the identity provider) or at a per-app level (for a particular app or a selection of applications).
When the administrator enables MFA, the end-user sees the Account Settings page. All of the different MFA methods for receiving the authentication tokens are shown. The end-user can select the MFA method and follow the on-screen guidance to set up and verify the MFA method.
For verification using Akamai MFA, see Self enroll in Akamai MFA
For verification using DUO, see Managing your devices
For verification using a third-party authenticator like Google Authenticator, see Get verification codes with Google Authenticator, select APP and follow the on-screen guidance.
Make sure the user's device is not in Do not disturb mode. This prevents the user from receiving authentication text messages or pop-up notifications.
For verification by email, select EMAIL, enter the email address, click NEXT, enter the authentication code sent to the email, and click NEXT. End-user sees a VERIFIED message that the email has been verified. Then click EXIT.
For verification by SMS or text message, select TEXT, enter the mobile phone number where the authentication code can be received, and click NEXT. End-user enters the Authentication code they receive, see a VERIFIED message, and click EXIT.
After the MFA methods are verified, they will see a Verified check mark next to it.
If only one MFA method is selected, that will be the primary method after verifying it.
If MFA methods are verified, the end-user can select any of their preferred MFA method to be the primary method before exiting the setup.
For example, here TEXT, Akamai MFA, and EMAIL have been verified by the end-user. And TEXT is the primary method to receive authentication codes:
If the end-user wishes to make Akamai MFA the primary MFA method, he selects it, and clicks Make primary, and click EXIT. Then, Akamai MFA moves to the top and becomes the primary method to receive authentication tokens.
End-user can select Remove before the exit out of the setup process if they want to remove an MFA method.
After the MFA method a verified, the next time they log in to the login portal, after successful multi-factor authentication, end-users can access the My Apps portal.
Updated about 1 year ago