Enabling MFA for password reset and account unlock
The MFA for Reset/Unlock tab allows you to configure the authentication methods to be used to verify users’ identities during self-service password reset and account unlock, Before you begin, ensure you have enabled the required authentication methods. Click here to see the supported authentication methods.
- Go to Configuration → Self-Service → Multi-Factor Authentication → MFA for Reset/Unlock.
- Select a policy from the Choose the Policy drop-down. This will determine which authentication methods are enabled for which sets of users.
Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
- In the MFA for Password Reset/Account Unlock section, enter the number of authentication methods to be enforced, and select the authentication methods to be used.
- Click on the asterisk (*) symbol next to the authentication method to set it as mandatory. You can also reorder the authenticators too.
- Click Save Settings.
You can further configure the idle time limit, trusted device, and other relevant settings in the Advanced Settings tab.