This screen appears if:
- Two-factor authentication (2FA) is enabled.
- The authenticated user has a verified email address and a verified mobile device number.
If both of the above are true, then the authRule_secondFactor screen is displayed immediately after the user has been authenticated. The user must then click either the masked email address or the masked phone number to indicate how their 2FA access code should be sent.
Users who do not have a verified mobile device number will never see this screen. That's because, without a verified phone number, access codes are automatically sent to the user's email address.