allow-users-to-skip-two-factor-authentication-setup-dfb08b3.md

Allow Users To Skip Two-Factor Authentication Setup

You can set the number of days for which the users can postpone the enabling of second factor for authentication.

Prerequisites

• You are assigned the Manage Tenant Configuration role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.

• You have configured the application or the tenant to require two-factor authentication. For more information, see Configure Risk-Based Authentication for an Application or Configure Default Risk-Based Authentication for All Applications in the Tenant.

Context

The number of days for which users can postpone the enabling of second factor can be set between 1 and 14 days. The configuration is valid for all applications in the tenant.

If the tenant or application requires two-factor authentication, and the users don't have an enabled two-factor authentication method, or the method that is enabled is not among the ones required by the application, at sign-in users can choose to skip the enabling of two-factor authentication for the period defined by the tenant administrator. The users can sign in without providing a second factor until the grace period expires.

Users can be notified for their choice, if the security alert notification is switched on. They receive a security alert email after they first skip the enabling of two-factor. For more information about how to configure the e-mail alerts, see Send Security Alert Emails.

Procedure

1. Sign in to the administration console for SAP Cloud Identity Services.

2. Under Applications and Resources, choose the Tenant Settings tile.

   At the top of the page, you can view the administrative and license relevant information of the tenant.

3. Choose the Multi-Factor Authentication list item.

4. Under Additional Settings for Multi-Factor Authentication, choose Edit.

5. Under Second Factor Activation Postponement, choose Enabled.

6. Manually configure the number of days for which users can postpone the enabling of second factor.

7. Save your changes.

   If the operation is successful, the system displays the message Additional Multi-Factor Authentication Settings updated.

Related Information

Deactivate Two-Factor Authentication

Deactivate User Devices for TOTP Two-Factor Authentication

Unlock User TOTP Passcode

Remove User Device for Web Two-Factor Authentication

Unlock User SMS Code

Allow Users to Protect Accounts with Second Factor for Authentication