MFA enrollment
Before we can do anything, we must enable the different kinds of authenticators that we want to allow our end users to be able to enroll in. Navigate to Security | Authenticators. On the first tab, you will choose which authenticators you want to be available. Remember, any authenticators you enable aren’t mandatory to all end users and are not active until end users enroll themselves in them. You can have your end users enroll in them by using a combination of global session policies, enrollment policies, and authentication policies. We will be able to create policies and assign them to different groups or users in the same way as we did for sign-on in Chapter 3, Using Single Sign-On for a Great End User Experience. Figure 4.23 shows the authenticators that are available when you click Add Authenticator:
Figure 4.23 – Authenticators that are available to add and information on which are already enabled
Click Add under any...
