Prerequisites
Service with access scopes added.
Enable Scope Governance for Users
-
Navigate to Applications » Services » your service » Scopes.
-
Select Govern Scopes.
-
Enable the Human Users option.
-
Optionally, restrict access by default with a policy for all new scopes.
Tip
If you wish, you may select the MFA User policy that will be applied to all new scopes that you add in the future requiring MFA from users that consent to access to those scopes.
-
Close.
Require MFA From Users Granting Access to Scope
-
Select the Assign Policy button next to the scope you wish to restrict with MFA Policy under the Users column.
-
Assign the MFA User policy.
Result
Users are required to authenticate using the second factor before granting their consent for client application to access protected scope.