Multi-factor Options
Multi-factor Authentication
Following multi-factor authentication (MFA) methods are supported.
| Authentication Method | Enabled | Description |
|---|---|---|
| One-time password (TOTP) | Yes | Time-based one-time password. Requires user to install Authenticator apps like Google Authenticator or Authy and sync secretes using barcode scanning. |
| One-time password (HOTP) | No | HMAC-based one-time password. Requires user to install Authenticator apps like Google Authenticator or Authy and sync secretes using barcode scanning. |
| Backup codes | Yes | Long-lived backup or recovery codes which can be saved somewhere safe for emergency use. |
| Yes | One-time password sent by email. Avoid using this method if password recovery method is email-based. Requires verified email. | |
| SMS | No | One-time password sent by email. Avoid using this method if password recovery method is SMS-based. Requires verified mobile number. |
| Trusted Device | Yes | Allow user to trust the browser and skip two-factor authentication for next 30 days. |
| FIDO2 and WebAuthn | - | Coming soon. |
important
- Multi-factor authentication is not supported for passwordless login.
- Multi-factor authentication can be enabled only at user level.
- A user need to opt-in before being asked for multi-factor authentication.
Multi-factor Options
Navigate to Tenant and then find Multi-factor Options panel under Tenant Settings tab. You can enable or disable one or more multi-factor authentication methods and click Update Details.
