How do I configure MFA for multiple users using the same account?

There is no built in way to configure MFA for users sharing accounts. We recommend that each user has an individual account so that if there is an attempted breach, you can identify whose credentials have been stolen, and know where the legitimate user has logged in from. Having multiple users using the same account makes you vulnerable for attacks.

However, if you do have users sharing one account, you can configure both accounts with an authenticator app that generates a TOTP code. Users sharing the same AD account will need to go through the enrollment steps together. The users will need to simultaneously scan the QR code at the time of enrollment, and this will allow them to use the same TOTP code for MFA. Since you cannot add a user or another enrollment method later, both users need to be in front of the same screen to scan the QR code.

This option is not possible for USB tokens.