FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    MFA web hooks

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    4
    953
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      harish_reddy
      last edited by

      Should not the web hooks for MFA be part of MFA feature?

      8e7f6301-14a6-4cb9-966e-5455b9f333c9-image.png

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @harish_reddy
        last edited by dan

        Hiya @harish_reddy !

        Webhooks for MFA enablement are an enterprise feature, like many of the advanced security features (IP ACLs, some email workflows, rate limiting). These webhooks are often ingested into a SIEM (Security information and event management) system for threat monitoring, which is an enterprisey thing to need to do. Similarly, the ability to apply MFA policies to a given application is restricted to the enterprise license.

        You can enable and enforce MFA methods at the starter/essentials, but you don't get any of the enterprise webhooks unless you purchase an enterprise license.

        Hope that helps clarify things and sorry for the confusion.

        You can find all of our features broken out by plan here: https://fusionauth.io/docs/get-started/core-concepts/editions-features

        If you have further questions, feel free to contact our technical sales team: https://fusionauth.io/contact

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        H 1 Reply Last reply Reply Quote 0
        • H
          harish_reddy @dan
          last edited by

          @dan

          These webhooks are often ingested into a SIEM

          This is one use case. Agreed.

          There might be some applications where UI has to update based on user actions related to MFA on fusionauth pages.

          We are using some work arounds for now. But, I think without these webhooks, MFA is incomplete feature.

          danD 1 Reply Last reply Reply Quote 0
          • danD
            dan @harish_reddy
            last edited by

            @harish_reddy Thanks for the feedback, we appreciate it. While I think it is unlikely we'd separate out those webhooks, you are welcome to add a GH issue with your feedback and we can see how others in the community feel about the topic.

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            1 Reply Last reply Reply Quote 0
            • First post
              Last post