Configuration options for MFA
-
Maybe I looked in the wrong places, but I didn't find anything in your documentation about how the MFA options can be configured.
My questions are the following:- is it possible to enforce both SMS and email verification, i.e., that both occur, not just one of them?
- is it possible to configure at what point in the flow these verifications occur?
- if not, do these verifications occurs at the end of the registration flow, or how does the registration flow look specifically?
Thanks for your help!
-
Most of the doc should now be a available for the new MFA features.
is it possible to enforce both SMS and email verification, i.e., that both occur, not just one of them?
You can configure both, but during a login flow, the user may select one of these options as the second factor to complete login. The first factor being the password.
is it possible to configure at what point in the flow these verifications occur?
No, not during login.
if not, do these verifications occurs at the end of the registration flow, or how does the registration flow look specifically?
Two Factor occurs during a login request.
There is also a Step Up Two Factor API which would allow you to perform a second factor login anytime you want within your own application.
-
There are plans for enhancing MFA in the future. You can view this github issue for details and progress: https://github.com/FusionAuth/fusionauth-issues/issues/960
If you don't see an issue corresponding to your desired enhancement, please file one.
