Getting Started with MFA
Before you get started integrating MFA, there are a few steps you need to take.
Build out primary authentication
Before integrating MFA, you need to already have a primary authentication flow built out. If you haven't done that already follow one of the below integration guides first:
2Configure enforced MFA for an Organization
Next, ensure that you have an Organization that requires MFA. You can do that by toggling on "Require MFA" in the Stytch Dashboard, or by calling the Update Organization API and setting the mfa_policy to REQUIRED_FOR_ALL.
Each Organization is also allowed to specify which mfa_methods are allowed for Members in their Organization. If ALL_ALLOWED Member can use either SMS OTP or TOTP. If RESTRICTED Members can only use MFA methods specified in the allowed_mfa_methods array.
For example, if an Organization requires TOTP MFA, this would look as follows:
{
"mfa_policy": "REQUIRED_FOR_ALL",
"mfa_methods": "RESTRICTED",
// Optional, not enforced if mfa_methods is ALL_ALLOWED
"allowed_mfa_methods": ["totp"]
}3Start integrating
Using the same integration method you chose for primary authentication, follow the integration guides to add on MFA: