Last Updated: Nov 13, 2024
Overview
Email MFA is not showing up in the options. Although it is enabled, users do not see it as an option.
Applies To
- MFA
- Email Factor
Cause
Email factor has the following requirements:
- it only works with the New Universal Login.
- it needs to be an alternative to other factors.
- it can be activated by users after they complete a second-factor authentication with another method (SMS, Guardian, etc.). It can’t be started first (not a valid 2FA).
Additionally, users do not need to enroll with email MFA explicitly. They will be able to use it when they have a verified email. If you reset MFA for a user, but the email factor is toggled on in the dashboard, it will remain enrolled since the email is verified.
To troubleshoot the issue:
- Check users’ enrollment for MFA (reset if needed)
- Check for users’ email verification status
- Check the email factor in Dashboard > MFA
Solution
1. Complete verification
Here are some ways in which email completes verification:
- Users can complete the email verification flow, which updates the email_verified attribute to true.
- A tenant Admin can edit a user configuration and set email as verified
- Users can log in with a connection that provides verified emails (such as Google)
2. Enrollment with another factor (other than email)
After this, the user can add the email factor to MFA.
The theory behind this is that email is the primary factor in authenticating an individual, so it cannot be a valid second factor. But after another method reinforces the authentication, a user can choose to receive a code in the email account.
Review this video for additional details.
