diff --git a/tabcmd/commands/user/user_data.py b/tabcmd/commands/user/user_data.py
index 5251aba4..dc048883 100644
--- a/tabcmd/commands/user/user_data.py
+++ b/tabcmd/commands/user/user_data.py
@@ -75,7 +75,13 @@ def to_tsc_user(self) -> TSC.UserItem:
     "Unlicensed",
 ]
 
-auth_types = ["Local", TSC.UserItem.Auth.SAML, TSC.UserItem.Auth.OpenID, TSC.UserItem.Auth.ServerDefault, "TableauId"]
+auth_types = [
+    "Local",
+    TSC.UserItem.Auth.SAML,
+    TSC.UserItem.Auth.OpenID,
+    TSC.UserItem.Auth.ServerDefault,
+    TSC.UserItem.Auth.TableauIDWithMFA,
+]
 
 
 # username, password, display_name, license, admin_level, publishing, email, auth type
@@ -116,9 +122,8 @@ def set_auth_arg(parser):
             choices=auth_types,
             type=case_insensitive_string_type(auth_types),
             # default="TableauID",  # default is Local for on-prem, TableauID for Online. Does the server apply the default?
-            help="Assigns the authentication type for all users in the CSV file. \
-    For Tableau Online, TYPE may be TableauID (default) or SAML. \
-    For Tableau Server, TYPE may be Local (default) or SAML.",
+            help="Assigns the authentication type for all users in the CSV file.  Possible roles: "
+            + ", ".join(auth_types),
         )
         return parser
 
diff --git a/tests/parsers/test_parser_create_site_users.py b/tests/parsers/test_parser_create_site_users.py
index 5b46bd00..8fe074df 100644
--- a/tests/parsers/test_parser_create_site_users.py
+++ b/tests/parsers/test_parser_create_site_users.py
@@ -28,3 +28,23 @@ def test_create_site_user_parser_role(self):
             mock_args = [commandname, "users.csv", "--site", "site-name"]
             args = self.parser_under_test.parse_args(mock_args)
             assert args.site_name == "site-name", args
+
+    def test_create_site_user_parser_auth_Default(self):
+        with mock.patch("builtins.open", mock.mock_open(read_data="test")):
+            mock_args = [commandname, "users.csv", "--site", "site-name", "--auth-type", "ServerDefault"]
+            args = self.parser_under_test.parse_args(mock_args)
+            assert args.site_name == "site-name", args
+            assert args.auth_type == "ServerDefault", args
+
+    def test_create_site_user_parser_auth_MFA(self):
+        with mock.patch("builtins.open", mock.mock_open(read_data="test")):
+            mock_args = [commandname, "users.csv", "--site", "site-name", "--auth-type", "TableauIDWithMFA"]
+            args = self.parser_under_test.parse_args(mock_args)
+            assert args.site_name == "site-name", args
+            assert args.auth_type == "TableauIDWithMFA", args
+
+    def test_create_site_user_parser_auth_TAbId_NotAvailable(self):
+        with mock.patch("builtins.open", mock.mock_open(read_data="test")):
+            mock_args = [commandname, "users.csv", "--site", "site-name", "--auth-type", "TableauId"]
+            with self.assertRaises(SystemExit):
+                args = self.parser_under_test.parse_args(mock_args)