Require users to perform MFA to manage MyAccount page (Customer only)
You can configure the Self-Service-MyAccount application to require users to authenticate with multi-factor authentication (MFA) before they can manage their authentication methods.
When you enable this option, users that don’t perform MFA will see their list of authentication methods as read-only.
|
This procedure covers customer use cases only (PingOne MFA). For Workforce use cases, see Manage Authentication in Configuring the self-service portal. |
Before you begin
-
Create an authentication policy that includes an MFA step, and associate it with the Self Service-MyAccount application. Learn more in Adding a multi-factor authentication or PingID step.
About this task
-
In the PingOne admin console, go to Applications > Applications, and click the PingOne Self-Service - MyAccount application.
-
On the Resources tab, click the Pencil icon.
-
In the Reduced Scopes section, select the Allow user actions according to granted authentication scopes checkbox.
You’ll see a caution message, reminding you to associate an authentication policy, so that users can perform actions on their devices in their MyAccount page. -
Click Continue, and then click Save.
-
If you haven’t yet associated the authentication policy with the Self Service MyAccount application, on the Policies tab, select the relevant authentication policy, and then click Save.
The next time a user goes to their MyAccount page, they must perform MFA before they can manage their authentication methods.