If you have activated MFA (multi-factor authentication) for a domain, all users with an email address that matches the domain name can have an individual configuration for multi-factor authentication.

You can perform the following multi-factor authentication for individual domain users:

• Resetting MFA Enrollment
• Activating MFA
• Deactivating MFA

Changes made to these options are reflected in the MFA column of the Domain Users table. This option is related to MFA Configuration in the Authentication tab, which configures MFA for all users in a selected domain. Note that if a domain is configured with a 3rd party IdP, all users with a matching email domain will have their MFA status deactivated.

Resetting MFA Enrollment

You can reset multi-factor enrollment for specific users. When you reset enrollment for a user, the user must reconfigure multi-factor authentication when logging in to Infoblox services the next time.

To reset MFA enrollment for a domain user, complete the following:

1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
2. Click User Access -> Domain Users tab.
3. Select a domain user in the table, and then click Reset MFA Enrollment from the MFA drop-down menu.
   

Activating MFA

You can activate multi-factor authentication for specific users. When you activate MFA for a user, the user must configure multi-factor authentication during the next login to Infoblox services.

To activate MFA for a domain user, complete the following:

1. Log in to the Infoblox SSO Portal.
2. Click User Access -> Domain Users tab.
3. Select a domain user in the table, and then click Activate MFA from the MFA drop-down menu.
   

Deactivating MFA

You can deactivate multi-factor enrollment for specific users. When you deactivate MFA for a user, the user is no longer authenticated via MFA.

To deactivate MFA for a domain user, complete the following:

1. Log in to the Infoblox SSO Portal.
2. Click User Access -> Domain Users tab.
3. Select a domain user in the table, and then click Deactivate MFA from the MFA drop-down menu.
   

If you have activated MFA (multi-factor authentication) for a domain, all users with an email address that matches the domain name can have an individual configuration for multi-factor authentication.

You can perform the following multi-factor authentication for individual domain users:

• Resetting MFA Enrollment
• Activating MFA
• Deactivating 3rd Party IdP Authentication

Changes made to these options are reflected in the MFA column of the Domain Users table. This option is related to MFA Configuration in the Authentication tab, which configures MFA for all users in a selected domain. Note that if a domain is configured with a 3rd party IdP, all users with a matching email domain will have their MFA status deactivated.

Resetting MFA Enrollment

You can reset multi-factor enrollment for specific users. When you reset enrollment for a user, the user must reconfigure multi-factor authentication when logging in to Infoblox services the next time.

To reset MFA enrollment for a domain user, complete the following:

1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
2. Click User Access -> Domain Users tab.
3. Select a domain user in the table, and then click Reset MFA Enrollment from the MFA drop-down menu.
   

Activating MFA

You can activate multi-factor authentication for specific users. When you activate MFA for a user, the user must configure multi-factor authentication during the next login to Infoblox services.

To activate MFA for a domain user, complete the following:

1. Log in to the Infoblox SSO Portal.
2. Click User Access -> Domain Users tab.
3. Select a domain user in the table, and then click Activate MFA from the MFA drop-down menu.
   

Deactivating MFA

You can deactivate multi-factor enrollment for specific users. When you deactivate MFA for a user, the user is no longer authenticated via MFA.

To deactivate MFA for a domain user, complete the following:

1. Log in to the Infoblox SSO Portal.
2. Click User Access -> Domain Users tab.
3. Select a domain user in the table, and then click Deactivate MFA from the MFA drop-down menu.