Employees with an administrative role in a system enterprise application are required to use two-factor authentication. This page lists the affected roles.
After the role has been removed, the employee’s two-factor status will be updated overnight and changed from ‘Required’ to ‘Option_Selected’.
The two-factor authentication will stay in place until the employee changes that feature’s option on the ‘Profile‘ tab in SSO. This page explains how to change the two-factor option.
In some cases, the employee’s roles aren’t removed until she terminates. If the employee was using her office landline for two-factor authentication, she will no longer have access to that phone to successfully log in and ‘Opt Out’ of the two-factor feature. The employee should contact the SSO Admin at her former employment location. This page lists the SSO contacts for each location.
The SSO Admin can delete any associated devices from the employee’s SSO account. The lack of a device will trigger SSO to prompt the employee to enroll a new device. This page explains how to delete a device.
After the employee’s new device has been enrolled, she can successfully log in to SSO and ‘Opt Out’ of the two-factor feature. This page explains how to enroll a device.