Configure policy input and condition to display Email OTP as an MFA factor policy for authentication.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > Multi-factor Authentication > MFA Context.
  2. Click MFA Factor Policies tab.
    Note: The EMAIL as MFA Factor with a Policy is available by default. You can edit the policy and specify the policy inputs and conditions.
  3. Select the Display Email OTP as an MFA Factor Policy.
    Email - Factor
  4. Click New to add Policy Inputs.
    Policy Inputs
  5. Select the filter criteria that you want to create.

    Following are the types of filter criteria:

    For example, Role Filter Criteria.

    Filter Criteria
  6. Click Role Filter Criteria, fill the fields for the role filter criteria and submit the record. The new policy is created. For more information, see Role Filter Criteria.
  7. On the Policy - Display Email OTP as an MFA Factor Policy page, click Policy conditions.
    Policy Conditions
  8. Click New to add Policy Conditions.
  9. On the form, fill in the fields:
    Table 1. Condition form
    Field Description
    Label Name to identify the condition.
    Description Description of the condition.
    Condition Logical combination of multiple policy inputs (filter criteria) that is used to evaluate authentication requests.

    Select the role based filter criteria policy that was created for the condition.
  10. Click Submit.
  11. (Optional) Repeat step 8 to create additional policy conditions.
    Note: If you create multiple policy conditions, the final output of the access policy depends on the logical OR output of the all policy conditions. This means the policy will evaluate to true if any one of your policy conditions is met.

    Based on the role filter (users) policy and the conditions specified for the role is matched, the Email MFA factor is shown as an options for authentication for the users.