Advanced Settings

The Advanced tab in Multi-Factor Authentication contains important settings that you can configure to further control how the MFA process for password reset, ADSelfService Plus login, and endpoint logins behave.

Reset/Unlock MFA

ADSelfService Plus Login MFA

Cloud Application Login MFA

Endpoint Settings

Machine Login MFA

MFA for OWA Login


MFA for OWA Login

Q&A Settings

Verification Code Settings

Mail/Mobile Attributes

Secondary Email/ Mobile Number



About backup codes

These one-time use backup codes allow users to prove their identities in case their MFA device is not reachable or they are unable to use their enrolled MFA methods of authentication. Once the Enable MFA Backup Verification Codes setting is enabled, the backup codes can be generated and end-users can enter them to authenticate themselves during machine or VPN logon, ADSelfService Plus portal login, or self-service actions. Backup codes can be generated in two ways:

  • Users can use backup codes during VPN logins only when RADIUS-challenge response-based authentication methods are used for VPN login MFA.
  • During VPN MFA, the generated backup code can be entered in the field provided for one-time passcodes at the VPN client.
  • When identity verification is performed using backup codes, the Trust this browser and Trust this machine options will not be considered.

About backup codes


Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.


Need technical assistance?

  • Enter your email ID
  • Talk to experts
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2022, ZOHO Corp. All Rights Reserved.