---
title: Require users to perform MFA to manage MyAccount page (Customer only)
description: You can configure the Self-Service-MyAccount application to require users to authenticate with multi-factor authentication (MFA) before they can manage their authentication methods.
component: pingone
page_id: pingone:user_experience:p1_require_mfa_to_access_myaccount
canonical_url: https://docs.pingidentity.com/pingone/user_experience/p1_require_mfa_to_access_myaccount.html
revdate: May 22, 2025
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
---

# Require users to perform MFA to manage MyAccount page (Customer only)

You can configure the Self-Service-MyAccount application to require users to authenticate with multi-factor authentication (MFA) before they can manage their authentication methods.

When you enable this option, users that don't perform MFA will see their list of authentication methods as read-only.

|   |                                                                                                                                                                                                                   |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | This procedure covers customer use cases only (PingOne MFA). For Workforce use cases, see **Manage Authentication** in [Configuring the Self Service portal end-user experience](p1_configure_self_service.html). |

## Before you begin

* Create an authentication policy that includes an MFA step, and associate it with the **Self Service-MyAccount** application. Learn more in [Adding a multi-factor authentication or PingID step](../authentication/p1_add_mfa_step.html).

## About this task

1. In the PingOne admin console, go to **Applications > Applications**, and click the **PingOne Self-Service - MyAccount** application.

2. On the **Resources** tab, click the **Pencil** icon.

3. In the **Reduced Scopes** section, select the **Allow user actions according to granted authentication scopes** checkbox.

   |   |                                                                                                                                                                |
   | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You'll see a caution message, reminding you to associate an authentication policy, so that users can perform actions on their devices in their MyAccount page. |

4. Click **Continue**, and then click **Save**.

5. If you haven't yet associated the authentication policy with the **Self Service MyAccount** application, on the **Policies** tab, select the relevant authentication policy, and then click **Save**.

The next time a user goes to their MyAccount page, they must perform MFA before they can manage their authentication methods.