Use the MFA factor policies to specify the types of authentication factors that you would like to permit for your instance.

MFA factor policies are a critical component of an organization's security posture, enabling you to enforce additional verification steps beyond passwords. These policies define the authentication methods that users must employ to access your organization's resources, providing a flexible and customizable approach to authentication.

Implementing MFA factor policies is essential for enhancing the security of your organization's systems and data. These policies provide an additional layer of protection against cyberthreats, making it more difficult for attackers to gain unauthorized access.

To use the MFA factor policies you have to configure the policy inputs and policy conditions along with an MFA Context. To know more, see Multi-factor Authentication context.

Following are the MFA factor policies available in ServiceNow that enables you to specify the types of authentication factors that are permitted or required:

• FIDO2
• SMS
• Email

To get the most out of MFA factor policies, you need to understand how to configure and manage them effectively. This includes defining the authentication methods, specifying policy inputs and conditions, and configuring policy enforcement (MFA Context). By understanding and implementing MFA factor policies, you can significantly improve the security and integrity of your organization's systems and data.