The POST /environments/{{envID}}/signOnPolicies/{{policyID}}/actions operation creates the MULTI_FACTOR_AUTHENTICATION sign-on policy action resource, which is associated with the sign-on policy ({{policyID}}) specified in the request URL. This action will send a one-time passcode to the user’s SMS device.

For a sign-on action that supports a multi-factor authentication action, the sign-on policy action must enable at least one MFA device type. This action enables the sms device types and sets the email device type to false.