Problem statement
After configuring SMS and Voice for the MFA factors in a tenant, after a user is enrolled and subsequently prompted for MFA on login, they are being directed to the SMS prompt and are not seeing an explicit choice between both SMS + Voice.
Solution
This is expected behavior and depends on whether the user selects Voice or SMS during initial enrollment. When enrolling in phone MFA, if a user initially uses the ‘Phone Call’ option, they will see the two options ‘SMS or VOICE’ on subsequent MFA prompts, whereas if the user initially uses the ‘SMS’ option, they’ll receive the SMS first and then be given the option to receive a phone call. This behavior currently cannot be changed.
Here are the steps to confirm which users have chosen to use the Voice ‘Phone Call’ option:
- Go to the Dashboard > User Management > Users.
- Click on the user’s profile page.
- Click on the Raw JSON tab.
- Under the “guardian_authenticators” object, see if the MFA with “id”: "voice|dev_abc********’ appears before the “id”: "sms|dev_abc***********'.