HomeUse CasesConceptsConfig GuidesDeveloper GuidesAPI Reference

Inline MFA enrollment

Suggest Edits

Introduction

Requiring users to enroll a multi-factor authentication method upon first enrollment is considered a clean user experience while accomplishing a key security compliance requirement all in less than a minute. Verify provides a way to put users through a self-service enrollment process. This guide will help you enable inline multi-factor enrollment within Verify.

Pre-requisites

It is important to understand the difference between enrolled and transient verification methods before configuring inline-enrollment. In some cases, you're users may already have verified their phone numbers or email addresses and you may want to use those directory attributes for MFA without requiring users to enroll. That is a good setup if you trust the data provided by users in your directory.

Transient methods use existing values like email and phone number for MFA without the need to enroll. If this is what you want to use, then there is no need to configure inline MFA. Users can still manage their own security settings and enrollments in their user launchpad (https://yourtenant.verify.ibm.com/usc/settings/security).

Configure inline enrollment

  1. Within the admin portal, navigate to Security
  2. Select Authentication factors from the list of tabs.
  3. In the general MFA settings section set the following values below:
    • When no factors are present during an MFA challenge: Require user to enroll a factor
    • Allow second factors from the following sources: User-enrolled methods only
  4. Save the configuration
658

Inline enrollment experience

When no enrolled factors are detected, users will be required to go through the process of enrolling enabled second factors. This will happen when a user access an application for SSO or when logging into their launchpad. If you wish to disable a certain second factor from being enrolled, you can always disable that factor on the same Authentication factors configuration page.

2362

If a user ever has their second factor deleted (either themselves or through a customer's helpdesk), then they will go through this process again. Either way, the user's first time going through this flow will be simple and straight forward. Verify guides the end user through enrolling a second factor through painless steps and easy to follow images and guidance.

Updated 10 months ago