Skip to content

Configuring Multifactor Authentication

You can configure identity profile settings to require users to use an external mobile authenticator to sign in to Identity Security Cloud. You can also reset multifactor authentication (MFA) for some users.

Important

In December 2023, SailPoint changed the requirements for accessing the admin interface. As part of this change, all Identity Security Cloud users with elevated permissions will be required to configure a Time-Based One-Time Password (TOTP) device. Refer to the SaaS Updates for more information.

Configuring MFA

  1. Go to Admin > Identity Management > Identity Profiles.

  2. Select the identity profile you want to configure to use MFA.

  3. Under Sign-in Method, select Multifactor Authentication.

The next time users on that source try to sign into Identity Security Cloud, they will be prompted to set up their mobile device with an external authenticator. They will be prompted for a verification code from the authenticator on subsequent logins.

Note

This is different from using two-factor authentication for password updates and authentication.

Resetting MFA

If a user cannot access Identity Security Cloud, you can reset their MFA to allow them to reauthenticate. For example, users might be locked out or have a new device. You can reset MFA for:

  • elevated accounts that require MFA by default
  • user accounts where MFA is enabled on the identity profile

To reset a user's MFA:

  1. Go to Admin > Identity Management > Identities and select the identity whose MFA you want to reset.

  2. Select Actions > Reset MFA.

    Actions menu for an identity with the Reset MFA option highlighted.

    If the option cannot be selected, the user or identity profile does not have MFA configured.

The next time the user attempts to log in, they will need to set up their multifactor authentication.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.