Multi-factor authentication

This page provides you with information on multi-factor authentication.

Multi-factor authentication (MFA) is a security process in which a user provides two or more authentication factors to verify their identity. The MFA workflow is as follows:

  1. Generate token - v1/token/generate
  2. Use the session ID and generate MFA OTP - v1/mfa/OTP/generate
  3. Validate the OTP - v1/mfa/OTP/validate

By default, setting or resetting the MFA password requires you to generate an OTP and validate it. You can disable this requirement with the following configurations as required.

| Configuration | Description | Default value |
|---|---|---|
| CONF_SKIP_OTP_VALIDATE | If enabled, disables the requirement for OTP validation during the MFA password set-up. | FALSE |
| CONF_SKIP_OTP_VALIDATE_RESET | If enabled, disables the requirement for OTP validation during the MFA password reset. | FALSE |

The two configurations are independent: you can enable OTP validation for MFA password set-up and disable it for password reset, or vice versa.

Below is a flow chart indicating the steps involved in OTP validation. The steps are the same for both first-time and existing users of a brand.

Enabling MFA

MFA must be enabled for your brand before you can use it. To enable MFA, raise a ticket to the sustenance team.