PingOne

Require users to perform MFA to manage MyAccount page (Customer only)

You can configure the Self-Service-MyAccount application to require users to authenticate with multi-factor authentication (MFA) before they can manage their authentication methods.

When you enable this option, users that don’t perform MFA will see their list of authentication methods as read-only.

This procedure covers customer use cases only (PingOne MFA). For Workforce use cases, see Manage Authentication in Configuring the self-service portal.

Before you begin

About this task

  1. In the PingOne admin console, go to Applications > Applications, and click the PingOne Self-Service - MyAccount application.

  2. On the Resources tab, click the Pencil icon.

  3. In the Reduced Scopes section, select the Allow user actions according to granted authentication scopes checkbox.

    You’ll see a caution message, reminding you to associate an authentication policy, so that users can perform actions on their devices in their MyAccount page.
  4. Click Continue, and then click Save.

  5. If you haven’t yet associated the authentication policy with the Self Service MyAccount application, on the Policies tab, select the relevant authentication policy, and then click Save.

The next time a user goes to their MyAccount page, they must perform MFA before they can manage their authentication methods.