Require 2fa, multiple policies

let’s say that I have a Role with multiple Policies. some have App Access and one has Require 2FA checked.

does that Require 2FA apply to the whole account when they try to log in? what happens if some policies Require 2FA but others don’t (assuming a Role has one of both)?

Thanks for the question! Great question actually - I hadn’t tested this before, but I did just test it out.

If you require two-factor authentication as part of one policy, any user that has a role containing that policy will have to use two-factor authentication. This applies regardless of whether any of the other policies assigned to that role require it or not.

So essentially, if any policy on a user’s role requires 2FA, then 2FA becomes mandatory for that user across the board.