This text string is configurable and reflects what you entered during the OATH OTP configuration. Contact your account representative to enable this authentication mechanism. This option is disabled for new tenants by default. If your tenant is configured on CyberArk Identity 17.10 or newer, see Enable phone PIN because additional configuration is required. The user completes the action from the device to log in. When you select this option, CyberArk Identity calls the user using the stored phone number (mobile or land line) and describes an action the user must perform to complete the authentication. This option requires users to have CyberArk Identity mobile app installed on their devices and those devices must be enrolled in CyberArk Identity. Mobile device configuration policies overview for more information on the policy. This policy is in Core Services > Policies > select existing policy or create a new one > Endpoint Policies > Common Mobile Settings > Security Settings.
The availability of this mechanism to users can be controlled using the Show Mobile Authenticator by default policy. If the devices are not connected, users must manually enter the passcodes into the Admin Portal or CyberArk Identity user portal login prompt. If devices are connected via the cell network or a wi-fi connection, users can send the passcodes from the devices. If the devices are not connected, users must manually enter the passcodes into the CyberArk Identity mobile app login prompt. When you select this option, users authenticate using a one-time passcode displayed by the CyberArk Identity mobile app installed on their mobile devices. Refer to the following table for a description of available authentication mechanisms. To set the authentication mechanisms, see Create authentication profiles. Refer to Secure access with adaptive MFA for more detail. Make sure your users complete the configuration requirements for any mechanism you plan to use. Some authentication mechanisms require additional configurations before users can authenticate using those mechanisms.