Use the MFA Policies page to create, update, or delete multi-factor authentication (MFA) policies. After creating an MFA policy, you can refer to it in any authentication or registration flow designed in PingOne, PingOne DaVinci, or the PingOne MFA API.
An MFA policy allows you to define and configure the authentication methods that you want to use in your authentication policy. The MFA policy is then added as an MFA step in your authentication policy.
An MFA policy includes the following configuration information:
- The authentication methods that the policy allows
- The configurations specific to the authentication method, such as how many failed passcode attempts are allowed and how long users should be blocked after passcode failure
Default MFA policy
When you create a new environment, a default MFA policy is added to the MFA Policies page automatically. You can modify the default policy or create additional MFA policies. The default policy serves the following purposes:
- When defining an authentication policy in PingOne, you can add an MFA step and select the Use Default Policy option. This means that the authentication policy will use whatever MFA policy is currently set to be the default MFA policy for the environment.
- The DaVinci PingOne MFA connector includes a policy ID in its configuration. If you do not specify an MFA policy, the connector will use whatever MFA policy is currently set to be the default MFA policy for the environment.
- In the PingOne MFA API, there are calls that allow you to specify a particular MFA policy to use. In these situations, if you do not specify an MFA policy, the flow will use whatever MFA policy is currently set to be the default MFA policy for the environment.