Getting Started with MFA

Before you get started integrating MFA, there are a few steps you need to take.

1. Build out primary authentication

Before integrating MFA, you need to already have a primary authentication flow built out. If you haven't done that yet, follow one of the quickstarts below first:

2. Configure enforced MFA for an Organization

Next, ensure that you have an Organization that requires MFA. You can do that by toggling on "Require MFA" in the Stytch Dashboard, or by calling the Update Organization API and setting the mfa_policy to REQUIRED_FOR_ALL.

Each Organization can also specify which mfa_methods are allowed for its Members. If mfa_methods is ALL_ALLOWED, Members can use either SMS OTP or TOTP. If it is RESTRICTED, Members can use only the MFA methods listed in the allowed_mfa_methods array.

For example, if an Organization requires TOTP MFA, this would look as follows:

{
    "mfa_policy": "REQUIRED_FOR_ALL",
    "mfa_methods": "RESTRICTED",
    // Optional, not enforced if mfa_methods is ALL_ALLOWED
    "allowed_mfa_methods": ["totp"]
}
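The following is an added example, not Stytch's own SDK or API code. It builds the Organization MFA settings described above as a request body for the Update Organization API, rejects a RESTRICTED policy that names no method or an unknown method, and applies the same rule on the server side to decide whether a Member's chosen MFA method is permitted. The field names and the values REQUIRED_FOR_ALL, ALL_ALLOWED, RESTRICTED and "totp" come from the page; the value "OPTIONAL" for a non-enforcing policy and "sms_otp" as the SMS OTP method identifier are assumptions.

```python
"""Build and enforce an Organization MFA policy (added example, not Stytch code).

Field names and the values REQUIRED_FOR_ALL / ALL_ALLOWED / RESTRICTED / "totp"
mirror the page; "OPTIONAL" and "sms_otp" are assumed identifiers.
"""
from typing import Dict, Iterable, List, Optional

# The two MFA methods the page says an ALL_ALLOWED Organization may use.
# "sms_otp" is an assumed identifier for SMS OTP; "totp" is from the page.
ALL_MFA_METHODS = ("sms_otp", "totp")


def build_mfa_policy(require_mfa: bool,
                     allowed_methods: Optional[Iterable[str]] = None) -> Dict[str, object]:
    """Return the Update Organization body for the requested MFA posture.

    allowed_methods=None  -> mfa_methods ALL_ALLOWED (either SMS OTP or TOTP).
    allowed_methods=[...] -> mfa_methods RESTRICTED, limited to that list.
    """
    # "OPTIONAL" is an assumed value for a non-enforcing policy.
    body: Dict[str, object] = {
        "mfa_policy": "REQUIRED_FOR_ALL" if require_mfa else "OPTIONAL"
    }
    if allowed_methods is None:
        body["mfa_methods"] = "ALL_ALLOWED"
        return body

    methods: List[str] = list(dict.fromkeys(allowed_methods))  # dedupe, keep order
    unknown = [m for m in methods if m not in ALL_MFA_METHODS]
    if unknown:
        raise ValueError(f"unknown MFA method(s): {unknown}")
    if not methods:
        # A RESTRICTED policy with an empty list would leave Members no way to
        # satisfy REQUIRED_FOR_ALL, so refuse to build it.
        raise ValueError("RESTRICTED policy needs at least one allowed method")

    body["mfa_methods"] = "RESTRICTED"
    body["allowed_mfa_methods"] = methods
    return body


def mfa_required(org: Dict[str, object]) -> bool:
    """True when the Organization enforces MFA for every Member."""
    return org.get("mfa_policy") == "REQUIRED_FOR_ALL"


def method_permitted(org: Dict[str, object], method: str) -> bool:
    """Apply the page's rule to a Member's chosen MFA method.

    ALL_ALLOWED -> SMS OTP or TOTP; RESTRICTED -> only allowed_mfa_methods.
    """
    if org.get("mfa_methods", "ALL_ALLOWED") == "ALL_ALLOWED":
        return method in ALL_MFA_METHODS
    allowed = org.get("allowed_mfa_methods") or []
    return method in allowed


if __name__ == "__main__":
    # Constructed Organization record: TOTP-only MFA, as in the page's example.
    org = build_mfa_policy(require_mfa=True, allowed_methods=["totp"])
    print(org)
    for candidate in ALL_MFA_METHODS:
        print(candidate, "permitted" if method_permitted(org, candidate) else "rejected")
```

The dictionary returned by build_mfa_policy is the JSON body you would send to the Update Organization API; method_permitted is the check an authentication service would run before accepting a Member's MFA factor, so that a Member of a TOTP-only Organization cannot satisfy the requirement with an SMS code.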

3. Start integrating

Using the same integration method you chose for primary authentication, follow the quickstarts to add MFA: