In this scenario, you select Mobile App Passcode and Email as the MFA factors available to the users, and configure a sign-on policy rule for the Partners group.
The following are high level steps to enable these authentication factors:
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click MFA.
- Select Mobile App Passcode and Email from the available factors, and then click Save.
- Click Security in the Navigation Drawer, and then click Sign-On Policies.
- Select the Default Sign-On Policy, click Sign-On Rules tab, and then click Add to add a new rule.
- Enter a Rule Name
- In the Conditions section, And is a member of these groups field, select Partners from the list that appears.
- In the Actions section:
- Select Prompt for an additional factor.
- Set Enrollment as Required to force the user to enroll in MFA.
- Click Save.
- After you save the rule, drag the new rule to the position above the Default Sign-On Rule.
- Click Save to save the default sign-on policy.