Administrative permissions that require 2FA include:
-
Access Token Management (for Token-based Authentication)
-
Core Administration Permissions
-
Two-Factor Authentication base (permission to designate roles as 2FA authentication required and specify the duration of trusted devices for those roles)
-
Set Up OpenID Single Sign-on
-
Set Up SAML Single Sign-on
-
Integration Application
-
Device ID Management
Note
Standard roles with the Two-Factor Authentication base permission include Marketing Administrator, Sales Administrator, Support Administrator, and System Administrator.