> ## Documentation Index
> Fetch the complete documentation index at: https://docs.box.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Multi-Factor Authentication Required for Admin Console Critical Actions

<div className="article_labels_list" style={{display: 'none'}} dangerouslySetInnerHTML={{__html: "Security , Admin"}} />

Box adds an extra layer of security to prevent bad actors from performing critical actions in the Admin Console. For certain actions, an Admin or Co-Admin must complete an extra level of authentication before those actions can be completed. These actions are:

* [Add, change, or delete MFA (multi-factor authentication) settings for both managed and extenal users](/en/box-admin-tools/box-security/configuring-multi-factor-authentication)
* [Enable or disable the SSO Required setting](/en/box-admin-tools/box-security/setting-up-single-sign-on-sso-for-your-organization)

When an Admin or Co-Admin performs any of these actions, they will be required to perform multi-factor authentication (MFA) to complete the action, based on the following:

* If the Admin or Co-Admin is enrolled in MFA, they will be presented with the challenge based on their authentication method.
* If the Admin or Co-Admin is **not** enrolled in MFA, they will be presented with an email MFA challenge. At this stage, upon completing the challenge successfully, they will NOT be enrolled in MFA.
* If the Admin or Co-Admin is SSO enabled, they will be presented with an email MFA challenge.

<Note>
  **Note**

  After you enter an MFA challenge correctly, there is a 15-minute grace period in which you can perform other critical actions and not get another MFA challenge.
</Note>