Customer Use Case:
The customer has Single Sign-On (SSO) enabled at the account level and enforces Multi-Factor Authentication (MFA) through their Identity Provider for SSO users. However, some users are exempt from SSO enforcement and must log in using their RingCentral credentials.

Currently, when SSO is enabled at the account level, RingCentral Multi-Factor Authentication (MFA) is disabled globally and cannot be enabled for individual users. This leaves non-SSO users without MFA protection.

The customer is requesting the ability to enable RingCentral MFA at the user level for users who are exempt from SSO enforcement while maintaining SSO and Identity Provider MFA for other users.

Problem Statement:
Accounts with SSO enabled cannot enable RingCentral MFA even for users who are not using SSO. This creates a security gap for exempt users who authenticate directly with RingCentral credentials.

Requested Functionality:
Allow administrators to enable RingCentral Multi-Factor Authentication at the user level even when SSO is enabled at the account level.

Specifically:

SSO-enabled users continue authenticating via Identity Provider MFA.

Non-SSO users authenticate using RingCentral credentials.

RingCentral MFA can be enabled individually for non-SSO users.

No requirement to disable SSO globally.

Business Impact:
Without this capability, non-SSO users cannot be protected by Multi-Factor Authentication when SSO is enabled.