After a user completes first-factor authentication, the adapter gets a list of the user's second-factor authentication methods from PingOne. For users that don't have any existing authentication methods, the MFA setup prompt appears.


A screenshot that shows the MFA setup prompt with the Skip option enabled.

The user can click Setup, then select the type of authentication method they want to add. You can include an optional Skip button if you don't want to force users to set up MFA.

Note:

To enable this feature, follow this guide while you complete the steps in MFA setup.

  1. When Configuring an adapter instance, do the following:
    1. Select the Prompt Users to Set Up MFA check box.
    2. If you want to make MFA optional, select the Allow Users to Skip MFA Setup check box.
      This lets the user sign on without adding an authentication method.
  2. When Creating an MFA authentication policy in PingOne, in the None or incompatible methods section, select Block.

    A screenshot that shows the PingOne authentication policy.