Limit multifactor authentication from the same device

You can limit the authentication mechanisms available to users when they use the same mobile device for authentication and accessing the user portal. Only the following authentication methods will be available from the same mobile device: email, security question, and password. For example, if a user is accessing the user portal from her mobile phone, then she cannot use that same phone to authenticate via text message, phone call, mobile authentication, or scanning a CyberArk Identity Connector generated QR code.

This policy is intended for government agencies needing to fulfill NIST compliance and is disabled by default.

To limit multifactor authentication from the same device:

  1. Log in to the Identity Administration portal.
  2. Click Core Services > Policies.
  3. Select the relevant policy or create a new one,
  4. Click User Security Polices > Login Authentication.
  5. Uncheck the Allow additional authentication from same device setting in the Other Settings section.
  6. Click Save.