Enable the Factors

In this scenario, you select Mobile App Passcode and Email as the MFA factors available to the users, and configure a sign-on policy rule for the Partners group.

The following are high level steps to enable these authentication factors:
  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click MFA.
  2. Select Mobile App Passcode and Email from the available factors, and then click Save.
  3. Click Security in the Navigation Drawer, and then click Sign-On Policies.
  4. Select the Default Sign-On Policy, click Sign-On Rules tab, and then click Add to add a new rule.
  5. Enter a Rule Name
  6. In the Conditions section, And is a member of these groups field, select Partners from the list that appears.
  7. In the Actions section:
    1. Select Prompt for an additional factor.
    2. Set Enrollment as Required  to force the user to enroll in MFA.
  8. Click Save.
  9. After you save the rule, drag the new rule to the position above the Default Sign-On Rule.
  10. Click Save to save the default sign-on policy.