Overview
This article provides answers to Frequently Asked Questions regarding the new Dashboard warning:
Adaptive MFA requires specific Database Connection settings before it is compatible with phone numbers.
Learn more about the limitations
- Email as an Identifier is on;
- Allow Signup with Email is required;
- Verify Email on Sign Up is on;
- Require Email on User Profile is on.
Applies To
- Adaptive MFA
- Warnings
Solution
Q: What’s the context for the warning?
A: The warning in the yellow box is meant to be for the phone as an identifier. Currently, with Adaptive MFA enabled, if an unenrolled user tries to sign up, an Email OTP will be required to verify the user. This happens before actions, so it can’t be altered or turned off. In the case of phone-as-id users, if the phone is their only attribute, they would be blocked in this process. We are working on a feature that will make this email OTP optional for the customer, removing some of those limitations.
Q: The settings referenced above can be found in the new Attributes feature when email is added as an identifier. If the new Attributes setting is disabled on the connection, does it matter whether Disable Sign Ups is toggled on in the Settings tab? In short, will Adaptive MFA never work if signups are disabled, regardless of whether the Attributes feature has been enabled? If not, can it be triggered from Actions?
A: Adaptive MFA will still work, and yes, is possible to trigger Adaptive MFA from Actions. This still functions the same as before.
Q: What’s the best way to verify that Adaptive MFA is on and working?
A: Checking the dashboard and verifying that risk assessment is turned on for Adaptive MFA, and the policy is picked is probably the easiest way to check feature enablement. From there, check a Success Login tenant log and check that the riskAssessment is included.