question MFA Re-Login Behavior Issue after logout on ServiceNow Customer Portal in Community Central forum https://www.servicenow.com/community/community-central-forum/mfa-re-login-behavior-issue-after-logout-on-servicenow-customer/m-p/3486795#M6039 <P class=""><SPAN>Hello Team,<BR /><BR /></SPAN></P><P class=""><SPAN>We have enabled user-based MFA for external customer users.<BR /><BR />Step-Up MFA Policy- Enforce MFA for non-SSO logins<BR /><BR />In the Multi-Factor Authentication properties, the following options are set to </SPAN><STRONG><SPAN>Yes</SPAN></STRONG><SPAN>:</SPAN></P><UL><LI><P class=""><SPAN>Enable Email OTP for Multi-Factor Authentication</SPAN></P></LI><LI><P class=""><SPAN>Enable enhanced MFA setup UI to allow users to configure factors independently</SPAN></P></LI></UL><P class=""><SPAN>During testing in the Dev environment, the test user is prompted to configure MFA using both </SPAN><STRONG><SPAN>Authenticator App</SPAN></STRONG><SPAN> and </SPAN><STRONG><SPAN>Email OTP</SPAN></STRONG><SPAN>, and login works successfully with either method.<BR /><BR /></SPAN></P><P class=""><SPAN>However, after the user logs out of the customer portal and attempts to log in again, the following message is displayed for both methods:<BR /><BR /></SPAN></P><P class=""><STRONG><EM>“Your account requires Multi-factor authentication. Please enter the 6-digit code generated by the authenticator app on your mobile device.”<BR /><BR /></EM></STRONG>Screenshot is also attached&nbsp;for your reference.<STRONG><EM><BR /><BR /></EM></STRONG></P><P class=""><SPAN>Even when MFA is unchecked on the user record, and all entries are deleted from </SPAN><STRONG><SPAN>User Multifactor Authentications</SPAN></STRONG><SPAN>, the user is again prompted to set up MFA with both App and Email on next login — but the same message appears after logout and re-login.<BR /><BR /></SPAN></P><P class=""><SPAN>This behavior is consistent:</SPAN></P><UL><LI><P class=""><SPAN>In a fresh browser window</SPAN></P></LI><LI><P class=""><SPAN>In a different browser<BR /><BR /></SPAN><SPAN><STRONG>Note</STRONG>: Email OTP is retrieved from logs, as email sending is restricted in the Dev environment.</SPAN></P></LI></UL><P class=""><SPAN>Could you please review and advise on this MFA login behavior and suggest if we missed anything or any change required in MFA Policy?<BR /><BR /></SPAN></P><P><SPAN>Best regards,</SPAN><BR /><SPAN>Ajay Bonsray</SPAN></P> Wed, 11 Feb 2026 12:06:14 GMT ajaybonsray 2026-02-11T12:06:14Z MFA Re-Login Behavior Issue after logout on ServiceNow Customer Portal https://www.servicenow.com/community/community-central-forum/mfa-re-login-behavior-issue-after-logout-on-servicenow-customer/m-p/3486795#M6039 <P class=""><SPAN>Hello Team,<BR /><BR /></SPAN></P><P class=""><SPAN>We have enabled user-based MFA for external customer users.<BR /><BR />Step-Up MFA Policy- Enforce MFA for non-SSO logins<BR /><BR />In the Multi-Factor Authentication properties, the following options are set to </SPAN><STRONG><SPAN>Yes</SPAN></STRONG><SPAN>:</SPAN></P><UL><LI><P class=""><SPAN>Enable Email OTP for Multi-Factor Authentication</SPAN></P></LI><LI><P class=""><SPAN>Enable enhanced MFA setup UI to allow users to configure factors independently</SPAN></P></LI></UL><P class=""><SPAN>During testing in the Dev environment, the test user is prompted to configure MFA using both </SPAN><STRONG><SPAN>Authenticator App</SPAN></STRONG><SPAN> and </SPAN><STRONG><SPAN>Email OTP</SPAN></STRONG><SPAN>, and login works successfully with either method.<BR /><BR /></SPAN></P><P class=""><SPAN>However, after the user logs out of the customer portal and attempts to log in again, the following message is displayed for both methods:<BR /><BR /></SPAN></P><P class=""><STRONG><EM>“Your account requires Multi-factor authentication. Please enter the 6-digit code generated by the authenticator app on your mobile device.”<BR /><BR /></EM></STRONG>Screenshot is also attached&nbsp;for your reference.<STRONG><EM><BR /><BR /></EM></STRONG></P><P class=""><SPAN>Even when MFA is unchecked on the user record, and all entries are deleted from </SPAN><STRONG><SPAN>User Multifactor Authentications</SPAN></STRONG><SPAN>, the user is again prompted to set up MFA with both App and Email on next login — but the same message appears after logout and re-login.<BR /><BR /></SPAN></P><P class=""><SPAN>This behavior is consistent:</SPAN></P><UL><LI><P class=""><SPAN>In a fresh browser window</SPAN></P></LI><LI><P class=""><SPAN>In a different browser<BR /><BR /></SPAN><SPAN><STRONG>Note</STRONG>: Email OTP is retrieved from logs, as email sending is restricted in the Dev environment.</SPAN></P></LI></UL><P class=""><SPAN>Could you please review and advise on this MFA login behavior and suggest if we missed anything or any change required in MFA Policy?<BR /><BR /></SPAN></P><P><SPAN>Best regards,</SPAN><BR /><SPAN>Ajay Bonsray</SPAN></P> Wed, 11 Feb 2026 12:06:14 GMT https://www.servicenow.com/community/community-central-forum/mfa-re-login-behavior-issue-after-logout-on-servicenow-customer/m-p/3486795#M6039 ajaybonsray 2026-02-11T12:06:14Z