Getting Started with MFA

Before you get started integrating MFA, there are a few steps you need to take.

1. Build out primary authentication

Before integrating MFA, you need to already have a primary authentication flow built out. If you haven't done that already, follow one of the integration guides below first:

2. Configure enforced MFA for an Organization

Next, ensure that you have an Organization that requires MFA. You can do that by toggling on "Require MFA" in the Stytch Dashboard, or by calling the Update Organization API and setting the mfa_policy to REQUIRED_FOR_ALL.

Each Organization can also specify which MFA methods its Members are allowed to use, through the mfa_methods setting. If mfa_methods is ALL_ALLOWED, Members can use either SMS OTP or TOTP. If it is RESTRICTED, Members can only use the MFA methods specified in the allowed_mfa_methods array.

For example, if an Organization requires TOTP MFA, this would look as follows:

{
    "mfa_policy": "REQUIRED_FOR_ALL",
    "mfa_methods": "RESTRICTED",
    // Optional, not enforced if mfa_methods is ALL_ALLOWED
    "allowed_mfa_methods": ["totp"]
}
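
One way to sanity-check these settings before sending them to the Update Organization API, as an added example (not Stytch's own code, and it makes no network calls). The "sms_otp" method name and the "OPTIONAL" policy value are assumptions; this page shows only "totp" and "REQUIRED_FOR_ALL".

```python
# Added example: local pre-flight check for Organization MFA settings.
# Assumed values (not shown on this page): "sms_otp", "OPTIONAL".
KNOWN_METHODS = {"totp", "sms_otp"}
MFA_POLICIES = {"REQUIRED_FOR_ALL", "OPTIONAL"}
METHOD_MODES = {"ALL_ALLOWED", "RESTRICTED"}

# The TOTP-only settings from the example above.
TOTP_ONLY = {
    "mfa_policy": "REQUIRED_FOR_ALL",
    "mfa_methods": "RESTRICTED",
    "allowed_mfa_methods": ["totp"],
}


def lint_mfa_settings(settings):
    """Return a list of problems found in an Organization MFA settings dict."""
    problems = []
    policy = settings.get("mfa_policy")
    mode = settings.get("mfa_methods")
    allowed = settings.get("allowed_mfa_methods") or []
    if policy not in MFA_POLICIES:
        problems.append(f"unknown mfa_policy: {policy!r}")
    if mode not in METHOD_MODES:
        problems.append(f"unknown mfa_methods: {mode!r}")
    unknown = sorted(set(allowed) - KNOWN_METHODS)
    if unknown:
        problems.append(f"unknown allowed_mfa_methods: {unknown}")
    # RESTRICTED with nothing usable would leave Members unable to pass MFA.
    if mode == "RESTRICTED" and not set(allowed) & KNOWN_METHODS:
        problems.append("RESTRICTED with no usable method: Members cannot complete MFA")
    # The list is ignored under ALL_ALLOWED, so a "TOTP only" intent is not enforced.
    if mode == "ALL_ALLOWED" and allowed:
        problems.append("allowed_mfa_methods is not enforced while mfa_methods is ALL_ALLOWED")
    return problems


def method_permitted(settings, method):
    """True if a Member may use `method` under these settings (fails closed)."""
    if method not in KNOWN_METHODS:
        return False
    mode = settings.get("mfa_methods")
    if mode == "ALL_ALLOWED":
        return True
    if mode == "RESTRICTED":
        return method in (settings.get("allowed_mfa_methods") or [])
    return False  # unknown or missing mode: deny
```
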

3. Start integrating

Using the same integration method you chose for primary authentication, follow the integration guides to add on MFA: