Multi-Factor Authentication

This document explains how to enable Multi-Factor Authentication (MFA) for your application using SSOJet. MFA adds an extra layer of security during login by requiring users to provide a one-time password (OTP) in addition to their username and password. This significantly reduces the risk of unauthorized access even if a hacker steals a user's credentials.

Why MFA

• Enhanced Security: MFA makes it much harder for attackers to gain access to your application, even if they manage to steal a user's login credentials.
• Improved User Confidence: By implementing MFA, you demonstrate to your users that you take their security seriously, which can help to build trust and confidence in your application.
• Compliance Requirements: Many regulations and industry standards require the use of MFA for access to sensitive data.

Getting Started with SSOJet Login Widget and MFA

SSOJet simplifies the process of enabling MFA for your application. The SSOJet Login Widget, a pre-built user interface element, handles the user experience for both initial MFA setup and subsequent login with MFA.
The Login Widget takes care of the following tasks:
• Guiding users through the process of enrolling their chosen MFA factors (e.g., authenticator app, SMS).
• Collecting and validating one-time passcodes during the login process.
This streamlines the implementation process for you, allowing you to focus on your core application functionalities.

Enabling MFA in the SSOJet Dashboard

Here's how to enable MFA for your application using the SSOJet dashboard:
1. Navigate to the Security Section: Log in to your SSOJet dashboard and navigate to the "Security" section.
2. Enable MFA: Locate the "Multi-Factor Authentication" setting and enable it for your application.
3. MFA Enforcement: Choose whether to enforce MFA for all users (including SSO users) or only for users logging in directly with username and password.

Important Note: SSO users who are already authenticated through their identity provider (e.g., Google, Okta) will typically not be required to perform MFA unless specifically configured by their organization's SSO administrator.

Next Steps

Once you've enabled MFA in the SSOJet dashboard, your users will be prompted to set up their chosen MFA factors during their next login attempt. The SSOJet Login Widget will guide them through the process seamlessly.
For more information on configuring specific MFA factors or customizing the Login Widget appearance, please refer to the SSOJet documentation.
Modified at 2024-06-18 12:39:05