Problem Statement:
Are there any requirements for enabling Adaptive MFA and how do I test it?
Symptoms:
When I try to enable the email factor, I get the message
“Email can’t be enabled as the only factor or combined with only Biometrics and Recovery-Code”
Why can’t I enable it with just email?
Cause:
Email, Recovery Code, and/or WebAuthn with FIDO Device Biometrics can not be enabled as the only factors. To enable them, at least one of the other types of factors, such as Phone Message, needs to be enabled.
Solution:
To activate the Adaptive MFA option, please enable at least one MFA factor on your tenant.
There are two prerequisites for Adaptive MFA as documented here:
- Requires a database connection or an Active Directory connection.
- Requires at least one MFA factor to be enabled and configured for your tenant.
To manually trigger Adaptive MFA challenges for testing, you can follow the approach explained in this FAQ.
References: