MFA enrollment step
The MFA registration step allows customers to enroll in one or more multi-factor authenticators as part of their account setup.
The MFA registration step within the registration journey
Depending on the Adaptive Access policy assigned to the application, this step can be configured to require one or more MFA methods or to make enrollment optional.
Depending on the methods made available:
- The customer is prompted to choose and register one or more MFA methods.
- For each method, they are guided through the steps required to complete the setup.
- Upon completion, they are shown a confirmation screen before continuing.
Supported authenticators
Customers can register any of the following supported MFA methods:
- Email-based MFA: Customers receive a one-time passcode to their email address and enter it on screen to complete verification. Depending on the configuration, magic link delivery may also be available.
- Phone-based MFA (SMS): A one-time passcode is sent via SMS to the customer’s phone number. This method can also deliver a magic link, based on policy configuration.
- TOTP-based apps (for example, Google Authenticator): Customers scan a QR code using their authentication app and verify by entering the generated passcode.
- Platform biometric authenticators: Customers can register a FIDO2-compatible computer or phone biometric as an authenticator.
- Security keys: Customers can register a FIDO2-compatible hardware key (for example, YubiKey).
- Passkeys: Passkey promotion can be enabled as a follow-up step after a successful MFA enrollment.
Settings that affect this step
The customer experience at this step depends on the following configurations:
- Adaptive Access policy:
- Defines which MFA methods are available.
- Controls whether their registration is optional or mandatory.
- Branding policy: Controls the appearance and text of each MFA registration screen.
What happens next
After MFA registration is complete, the customer continues to the next step of the registration journey. This could include passkey promotion (if configured) or any other subsequent step, such as account activation or redirection to a post-registration destination.
Extensibility points
Before and after the MFA registration step, the following extensibility points are available:
Updated about 1 month ago