How to define authentication requirements

You can specify what authentication mechanisms your users must provide to access the service, as well as if and when multi-factor authentication is required. For example, you can create a rule to require that users provide a password and text message confirmation code if they are coming from an IP address that is outside of your corporate IP range. To specify this requirement, you need to create a rule and associate it with an authentication profile.

A built-in report is available to view whether users have setup the necessary information for multi-factor authentication challenges. For example, if you plan to use SMS confirmation codes as an authentication factor, you need to make sure all users impacted by the authentication policy have a mobile number associated with their account, otherwise they might be locked out.

  1. From the Reports page in the Admin Portal, navigate to Builtin Reports > Security, and open User MFA challenge setup status.

    The Required Parameters window appears.

  2. Select the role that will be impacted by your Authentication Policy.

    For performance reasons, run this report on roles with approximately 1,000 users or less.

    The report opens, showing whether your users have configured the required information for authentication factors that could result in lockout if the required information is absent. For example, a user with no associated mobile phone will have false in the Sms column.

  3. Review the report and follow up with users missing required information.