Forum Discussion

ttopper's avatar
ttopper
Copper Contributor
Jul 09, 2024

Users being prompted for phone despite methods being disabled

Recently we pushed a change to disabled authentication with anything except MS Auth app, software OATH, or FIDO2. Despite this, some users (no discernable correlation between them), are being prompted to register their phone number when signing in, and they are still not allowed to use the phone methods (SMS/Voice call) for sign in.

Checking the evaluated authentication policy for these users shows the "Status" for phone methods as being Enabled, however clicking the settings for SMS shows that the method is not usable for sign in.

Just wondering if anyone has experienced similar and would know how to prevent users from being prompted for phone registration in future.

  • sdahiya4's avatar
    sdahiya4
    Brass Contributor
    Do you have Registration policy enabled for Password Reset by any chance?
    • ttopper's avatar
      ttopper
      Copper Contributor
      I did check this - we disabled all legacy SSPR + authentication methods, and this includes password reset registration.

Resources