Multi-Factor Authentication
Multi-factor authentication (MFA) requires a user to present two or more independent verification factors before access to the account is granted, so that a phished or leaked password on its own is not enough to take the account over.
API Objects & Endpoints
| API Resources | Description | 
|---|---|
| Organization | A top-level tenant that groups members, auth settings, roles, and other identity configurations. | 
| Member | Represents an authenticated user who is a member of a specific Organization. | 
| SMS OTP | A collection of endpoints for enrolling in and performing MFA with SMS OTPs. | 
| TOTP | A collection of endpoints for enrolling in and performing MFA with authenticator apps using TOTP. | 
| Member Session | A managed session that tracks a Member's logged-in state using JWTs or session tokens. | 
How it works
Stytch supports two different methods of secondary authentication:
- SMS One-time passcodes (OTPs)
- Authenticator app Time-based One-time passcodes (TOTPs)
Stytch handles:
- Enforcing enrollment in MFA according to the Organization's MFA policy, which sets whether MFA is optional or required and which secondary methods are allowed
- Optional enrollment in MFA by a Member even when the Organization does not require it
- Enforcing that the MFA requirements of both the Member and the Organization have been met before a Member Session is issued
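The flow above, as an added Python example that is not Stytch's code or SDK: a TOTP factor per RFC 4226/6238 (HMAC-SHA1, 30-second steps, 6 digits) that tolerates one step of clock skew and refuses a reused code, plus a policy gate that decides, after the primary factor succeeds, whether a Member Session may be issued. The `MfaPolicy` and `Member` shapes, the three decision strings and `session_decision` are assumptions for illustration only, not Stytch API objects; the RFC test secret in the comments is the one published in RFC 6238.

```python
"""Reference model of the MFA flow described above. Assumed example code,
not Stytch's implementation or SDK."""
import base64
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, field
from typing import Optional, Tuple

# ---- TOTP factor: RFC 4226 HOTP + RFC 6238 TOTP (SHA-1, 30 s step, 6 digits) ----

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter taken from the current time step."""
    return hotp(secret, unix_time // step, digits)


def enroll_totp() -> Tuple[bytes, str]:
    """Generate a fresh 160-bit shared secret for enrollment.
    The base32 form is what an authenticator app consumes (via QR code or manual entry)."""
    secret = secrets.token_bytes(20)
    return secret, base64.b32encode(secret).decode("ascii")


def verify_totp(secret: bytes, code: str, unix_time: int, last_used_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6) -> Optional[int]:
    """Accept a code for the current step or +/- `window` steps (clock skew).
    Returns the accepted counter so the caller can persist it, or None on failure.
    Any counter <= last_used_counter is refused: a valid code is single-use."""
    if len(code) != digits or not code.isdigit():
        return None
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if candidate <= last_used_counter:
            continue  # already consumed (or older than a consumed code): replay
        if hmac.compare_digest(hotp(secret, candidate, digits).encode(), code.encode()):
            return candidate
    return None


# ---- Organization policy and the session gate (assumed shapes, not Stytch objects) ----

SECONDARY_METHODS = frozenset({"sms_otp", "totp"})  # the two methods listed above


@dataclass(frozen=True)
class MfaPolicy:
    """Whether the Organization requires MFA of every Member, and which methods it allows."""
    required: bool
    allowed_methods: frozenset = SECONDARY_METHODS


@dataclass
class Member:
    enrolled_methods: set = field(default_factory=set)  # methods this Member has registered


def session_decision(policy: MfaPolicy, member: Member, completed_method: Optional[str]) -> str:
    """Decide what happens once the primary factor has succeeded.
    'issue_session'   - no MFA is owed, or the owed factor was just completed
    'enroll_required' - MFA is owed but the Member has no allowed method enrolled
    'mfa_required'    - an allowed, enrolled method exists and must be completed first"""
    usable = member.enrolled_methods & policy.allowed_methods
    # MFA is owed if the Organization requires it, or if the Member opted in by enrolling.
    mfa_owed = policy.required or bool(usable)
    if not mfa_owed:
        return "issue_session"
    if not usable:
        return "enroll_required"
    if completed_method in usable:
        return "issue_session"
    return "mfa_required"
```

Two points the page's list implies but a from-scratch implementation often misses: the session gate runs only after the primary factor, so `session_decision` never sees a Member whose password failed, and the accepted TOTP counter must be stored per Member so the same code cannot be replayed inside its skew window.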