The POST /environments/{environmentId}/signOnPolicies/{policyId}/actions operation creates the MULTI_FACTOR_AUTHENTICATION sign-on policy action resource, which is associated with the sign-on policy ({policyId}) specified in the request URL. This action will send a one-time passcode to the user’s SMS device.

For a sign-on action that supports a multi-factor authentication action, the sign-on policy action must enable at least one MFA device type. This action enables the sms device types and sets the email device type to false.