The multi-factor authentication options provided by ADSelfService Plus allows you to determine what and how end-users' authentication info (used to reset password or unlock account) should be.
The multi-factor authentication techniques can be configured from the "Configuration" Tab of ADSelfService Plus
Choose the Policy from the drop down.
You have three tabs to choose from to configure multi-factor authentication techniques for your End-Users.
By default, end-users will have the option to prove their identity by any one of the multi-factor authentication methods, even if all the methods are enabled by the administrator. You can also force users to prove their identity via certain verification methods. See Advanced Settings for more information.
To force users to prove their identity via selected authentication methods
Under Multi-factor Authentication, click Advanced
Under the Enrollment tab, you will have an option to 'Enforce and reorder the multi-factor authentication options'
Now select the verification methods that you want to enforce during identity verification and reorder them by dragging them around. You can force any one or two or any combination of the multi-factor authentication options during identity verification.
Click OK to save the settings
It is essential to select at-least one of the seven multi-factor authentication options for configuring the Identity Verification process.