Advanced Settings
The Advanced Settings in the Multi-factor Authentication module contain important settings that grant you added control over the MFA process for applications and logging into Identity360.
General Settings
- Enable backup verification codes for MFA recovery: Use this setting to enable users to utilize backup verification codes in case of MFA verification failure.
- Require CAPTCHA verification for the selected MFA pages: Enable this setting to display a CAPTCHA on the applicable MFA pages to users for every identity verification attempt or after a certain number of unsuccessful attempts, which you can specify.
Note:
- Users will still be required to perform MFA verification if they log in through a different browser.
- This option will not be available for partially enrolled users. It will only be displayed to fully enrolled users who have completed MFA verification across all the factors they have registered for.
Email Settings
- Allow users to add a secondary email address to their account: Use this option to enable users to provide a secondary email address. In case the primary email address encounters issues receiving the TOTP email during the verification process, users can choose to use their secondary email address.
- Force users to register a secondary email address for MFA: Use this setting to configure whether registering with a secondary email address is mandatory or optional for users.
- Allow or Block email address enrollment from the following domains: Use this option to allow or block specific email domains for the secondary email addresses that the users provide during enrollment. If you Block, users will be able to add email addresses from any domain except the listed domain(s). Choosing Allow will ensure that users only use trusted email service providers to receive verification codes. You can leave this field empty to allow any domain after selecting Allow.
- Allow users to choose the email address on which to receive the OTP during verification: Enable this option to allow users to select whether the OTP email should be sent to their primary or secondary email IDs that they provided during the enrollment process. If this option is disabled, the OTP email will be sent to the user's primary email address.
- Prompt users to enter their email address: Choose this setting to allow the users to input their preferred email address, whether it is their primary or secondary email, during the MFA verification process. Enabling this option will enhance security by ensuring that even masked email addresses are not displayed, preventing unwanted exposure of users' email addresses.
- Allow users to choose from a list of their masked email addresses: Select this option to display masked versions of all the email addresses provided by users during the enrollment process. This enables them to pick the specific email ID where the OTP email should be sent.
- Click Save.
MFA Settings
MFA for Identity360 login
- Expire MFA sessions: Specify the duration in minutes after which the MFA sessions has to expire.
- Allow user to trust browser for number of days to skip MFA: Enable this option to allow users to trust their browser for a set number of days to skip the MFA process.
- Keep the "Trust this browser" option selected by default: Enable this option to make "Trust this browser" the default setting.
- Deny login for users who have not enrolled for all the required MFA factors: Enable this option to prevent login for users who have not enrolled in all the required MFA factors.
- Click Save.
ADManager Plus
ADAudit Plus
ADSelfService Plus
Exchange Reporter Plus
M365 Manager Plus
Previous Topic