Configure MFA for the Admin Portal

You can create authentication rules and profiles to enforce MFA for access to the Admin Portal, or even deny access to the Admin Portal under certain conditions. For example, you could enforce MFA or deny access for IP addresses outside of your corporate IP range.

Authentication rules define the conditions in which an authentication profile is applied. Authentication profiles are where you select the authentication mechanisms. For example, you can create a rule that requires users to provide a password and text message confirmation code if they are outside of your corporate IP range. To configure this, you need to create a rule and associate it with an authentication profile.

If you do not define any authentication rules, then a default rule and profile is used. This default rule uses the identity cookie not present condition and the Default New Device Login Profile. This profile uses Password for the first challenge and Mobile Authenticator, Text message (SMS) confirmation code, Email confirmation code, or OATH OTP Client for the second challenge with a 12 hours pass-through duration. The following image shows the default authentication rule.

Authentication rules for the Admin Portal only apply to the Admin Portal web interface, and do not restrict access to the underlying APIs.

To configure MFA for the Admin Portal