When can 2FA/MFA be prompted?

CyberArk can prompt for 2FA/MFA in various scenarios to enhance security. For instance, when a user clicks on an app file within the User Portal, MFA can be required to verify the user’s identity before granting access. Similarly, when making changes to a policy in the Admin Portal, MFA can be prompted to ensure that only authorized personnel are making significant alterations to the security policies.

References: The official CyberArk documentation outlines the conditions under which MFA may be required, including accessing the User Portal and making policy changes in the Admin Portal12.