How can we configure MFA for forget password and for resetting the password. I want that if the user is not in particular zone or network and if they try to reset the password the second factor of auhentication is needed for them but if the user is in particular zone MFA is not needed for them.
There currently is not an option to assign different change password policy options today. The user would have the default option to have two criteria requirements to be fullfilled. The first is email, and the second is to supply the answer to the password reset (registered) Q&A. You can optionionally configue to use an SMS or Voicecall instead of email notification under the "Security", "Authentication", "Password", policy configuration.