If your deployment uses risk-based authentication (RBA), you must enable at least one identity confirmation method. RBA is a multifactor authentication solution that strengthens traditional password-based systems by applying knowledge of the client device and user behavior to assess the potential risk of an authentication request. If the assessed risk is high, the user is challenged to further confirm his or her identity using one of the following methods:
On-demand authentication (ODA). The user must correctly enter a PIN and a one-time tokencode that is sent to a preconfigured mobile phone number or e-mail account.
Security questions. The user must correctly answer one or more pre-enrolled security questions.
In the Security Console, click Authentication > Policies > Risk-Based Authentication Policies > Manage Existing.
Click the policy that you want to configure, and select Edit.
In the Identity Confirmation Methods section, select the methods that you want to enable.