• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Can I enforce MFA for my users?

Scheduled Pinned Locked Moved
Q&A
mfa multi factor
0
2
1.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dan
    last edited by dan 6 Feb 2021, 15:24 2 Jun 2021, 15:24

    Can I force all users within an application or role to use MFA?

    --
    FusionAuth - Auth for devs, built by devs.
    https://fusionauth.io

    1 Reply Last reply Reply Quote 0
    • D
      dan
      last edited by 2 Jun 2021, 15:33

      There is no out of the box solution for this. See https://github.com/FusionAuth/fusionauth-issues/issues/763 for the tracking issue.

      However you can still do this with the API.

      If you are consuming a JWT, you can see if a user has enabled two factor authentication by putting a claim in the JWT using a populate lambda. Look at the user object and if the twoFactor.methods array isn't empty, they have enabled MFA. If you are not using a JWT but instead examining the user object directly, you can look at the same attributes.

      In each case, you should set up a page to allow the user to enable MFA and keep directing them there until they have done so. You can either build your own 'MFA enable' page or, if you have a paid edition, use the themeable account self service pages, as documented here: https://fusionauth.io/docs/v1/tech/account-management/

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post