Limiting multifactor authentication from the same device

You can limit the authentication mechanisms available to users when they use the same mobile device for authentication and accessing the admin portal. Only the following authentication methods will be available from the same mobile device: email, security question, and password. For example, if a user is accessing the admin portal from her mobile phone, then she cannot use that same phone to authenticate via text message, phone call, mobile authentication, or scanning a Centrify Connector generated QR code.

This policy is intended for government agencies needing to fulfill NIST compliance and is disabled by default.

To limit multifactor authentication from the same device:

  1. Log in to the Admin Portal.
  2. Click Access > Policies.
  3. Select the relevant policy or create a new one,
  4. Click User Security Polices > Login Authentication.
  5. Uncheck the Allow additional authentication from same device setting in the Other Settings section.
  6. Click Save.