The POST /environments/{{envID}}/signOnPolicies/{{policyID}}/actions operation creates the MULTI_FACTOR_AUTHENTICATION sign-on policy action resource, which is associated with the sign-on policy ({{policyID}}) specified in the request URL. This action will send a one-time passcode to the user’s SMS device.

For a sign-on action that supports a multi-factor authentication action, the sign-on policy action must enable at least one MFA device type. This action enables the sms device types and sets the email device type to false.

In this use case, the priority property in the request body is set to 1 (the highest priority) to ensure that this MULTI_FACTOR_AUTHENTICATION action is the first sign-on action.