Support Agent Notes:

Additional Testing Notes

If you are signed in as an admin and sign onto a user-side profile, you will not be prompted to enter any one-time passwords regardless of the site settings.

This happens regardless of signing in using the ‘login as user’ option on a user’s account page, or if the username and password are entered manually.

This check is based on having an active admin session.

MFA is Required, But User Has No Password Set

A issue was found where if MFA is required on a site, but a new user is created, they will have a password of null, which prevents the enabling of one-time passwords for their account.

If the user has a null password, they will be forced to activate their account so they can be made to setup MFA when it is required by the site.

A new user creates an account, and has their password set to null
Passwords are setup by activating an account from the activation email
The site has MFA set to required, so instead of being directed to the MFA page, the user is redirected to the send new activation email page, which will remain until the user sets a password and activates their account.
After the user sets a password on their account, if MFA is required by the site, they will now be directed to that page until they set it up.
After the user has activated their account by setting a password and enabled one-time passwords for their account, they will be able to access the rest of the user site.
Again, this process is only needed when MFA is set as required for site users, but not when set to enabled but optional for site users.

Browser not supported