In this scenario, you select Mobile App Passcode and Email as the MFA factors available to the users, and configure a sign-on policy rule for the Partners group.
The following are high level steps to enable these authentication factors:
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click MFA.
- Select Mobile App Passcode and Email from the available factors, and then click Save.
- Click Security in the Navigation Drawer, and then click Sign-On Policies.
- Select the Default Sign-On Policy, click Sign-On Rules tab, and then click Add to add a new rule.
- Provide a name for the rule, in the And is a member of these groups field select Partners from the list that appears, and then select Prompt for an additional factor.
- In the Action section, select Enrollment as Required to force the user to enroll in MFA.
- Click Save.
- After you save the rule, drag the new rule to the position above the Default Sign-On Rule.
- Click Save to save the default sign-on policy.