Hello,

I am currently testing MFA Authentication in our Dev environment. I have successfully enabled MFA and it is working as intended. However, I have two questions that I'm hoping the community can assist me with.

1) We have a break glass account that I would like to share with another user for MFA. Is there a way to add multiple devices for a user to choose when they receive the MFA prompt? Creating the system property glide.mfa.allow_multiple_devices as a true/false and setting it to true did not appear to work even after clearing the cache and logging back in. Of course the work around could be to create the user their own break glass account, but we really want to limit the number of these if possible.

2) We currently use DUO for our MFA application. Is there a way to force that this is the only accepted MFA application? I attempted to create a new MFA Criteria both as a full admin/security admin, but did not see the option. Is there another way to achieve this or is there something I'm missing? I also looked at DUO's documentation found here that I am working to implement, but do not see how this would restrict ServiceNow to use DUO only.

https://duo.com/docs/sso-servicenow

Any assistance is much appreciated!