Configure end-user's device to receive MFA tokens

Set up MFA to receive tokens on end-users device

After the end-user logs in to the IdP Login portal with his credentials, they will be prompted to set up MFA on their device to receive the tokens, if the admin has configured any of the MFA factors at the global level (for the identity provider) or at a per-app level (for a particular app or a selection of applications).

When the administrator enables MFA, the end-user sees the Account Settings page. All of the different MFA methods for receiving the authentication tokens are shown. The end-user can select the MFA method and follow the on-screen guidance to set up and verify the MFA method.

For verification using DUO, see Managing your devices

For verification using a third-party authenticator like Google Authenticator, see Get verification codes with Google Authenticator, select APP and follow the on-screen guidance.

Note: Make sure the user's device is not in Do not disturb mode. This prevents the user from receiving authentication text messages or pop-up notifications.

After the MFA methods are verified, they will see a Verified check mark next to it.

If only one MFA method is selected, that will be the primary method after verifying it.

If MFA methods are verified, the end-user can select any of their preferred MFA method to be the primary method before exiting the setup.

After the MFA method a verified, the next time they log in to the login portal, after successful multi-factor authentication, end-users can access the My Apps portal.