Multi-Factor Authentication (MFA) stands as one of the most secure and modern methods for user authentication. The premise is that a password alone isn't secure enough, so the user's identity must always be verified. This can be achieved through various means, one of which is phone authentication. In this method, a user either receives a code sent to their phone or gets a phone call for verification.
CoreView's “Manage MFA” action gives you the power to manage various phone authentication methods, including those associated with primary, alternate, and office mobiles. Plus, the reset feature allows you to easily remove any unwanted numbers with just a click.
How to configure phone authentication methods in “Manage MFA”
This action only works if your tenant has been configured to use the graph application and the UserAuthenticationMethod.ReadWrite.All consent has been granted.
Managing a single user
Step 1
Navigate to your tenant's Home page and select “Manage MFA” from the “Quick actions” tab.
Step 2
Select the user for whom you want to manage MFA from the list. Click “Next”.
Step 3
From the dropdown menu, select the desired MFA state. If you choose “Disabled”, the system will automatically apply these settings when MFA is activated.
Step 4
Click “Add authentication method” to add one or more phone numbers for the user. In the “Phone type” section, you can classify the number by selecting “Primary mobile”, “Alternate mobile”, or “Office”.
Once you set a primary mobile number, you can only add a secondary and an office number. You can't switch a number's type, but you can change the number itself within each type.
Step 5
If you've chosen “Primary mobile” under “Phone type”, you can enable the user to sign in via SMS by checking the “Allow SMS sign-in” box.
SMS sign-in can only be enabled for primary mobile numbers.
Step 6
If you want to remove any unwanted phone numbers, just click on the “X” located on the far right side.
Step 7
Click the “Submit” button to save your changes.
Managing multiple users
If you select multiple users from the list (as in Step 2), you won't be able to see their authentication method. You'll only be able to enable or disable the MFA.
If an operator has “Manage MFA” permission but lacks “Manage Phone Authentication Methods” permission, the section will not appear, even for individual users.
Workflow actions to manage phone authentication methods
You also have the option to integrate phone authentication management actions directly into onboarding and offboarding workflows.
The available workflow management actions can be found under the “User” category. They are:
- Add phone authentication method
- Edit phone authentication method
- Delete phone authentication method
The execution inputs required for phone authentication actions are:
- User Principal Name
- Phone number
- Phone Type: Here, you can select either “mobile”, “alternate mobile”, or “office” from a dropdown menu.