1 min read

Enforcing Multi-Factor Authentication (MFA) Upon Scope Grant

Require Two-Factor Authentication (2FA) from users granting their consent to a service access scope.


Service with access scopes added.

Enable Scope Governance for Users

  1. Navigate to Applications » Services » your service » Scopes.

  2. Select Govern Scopes.

  3. Enable the Human Users option.

  4. Optionally, restrict access by default with a policy for all new scopes.


    If you wish, you may select the MFA User policy that will be applied to all new scopes that you add in the future requiring MFA from users that consent to access to those scopes.

  5. Close.

Require MFA From Users Granting Access to Scope

  1. Select the Assign Policy button next to the scope you wish to restrict with MFA Policy under the Users column.

    Assign Policy to User Enforcement Point

  2. Assign the MFA User policy.

    Assign MFA Policy to Scope


Users are required to authenticate using the second factor before granting their consent for client application to access protected scope.

Scope with MFA policy

Updated: Nov 2, 2023