If you select Phone Call as an authentication mechanism for users, then those users must create a PIN to authenticate into Privileged Access Service using their phones. By default, all users can create a PIN. To enable or disable, see the instructions below. The phone PIN configuration option is only available for new tenants as of 17.10.
To enable or disable a phone PIN:
- Log in to Admin Portal.
- Click Access > Policies and select the policy you want to edit or click Add Policy Set to create a new one.
- Click User Security Policies > User Account Settings.
Select Yes or No in the “Enable users to configure a Phone PIN for MFA” drop-down list.
- (Optional) Specify the minimum PIN length users must create.
(Optional) Specify the authentication profile users must use to configure and edit their PINs.
The authentication profile is where you define the authentication methods. If you have not created the necessary authentication profile, select Add New Profile at the bottom of the drop-down list. See Creating authentication profiles.
- Click Save.
Note: Users create their PINs at Profile > Account > Organization > Phone PIN.