Learn how to integrate MFA into your sign-in experience with one click.
In the digital world, securing user accounts is paramount. Did you know using multi-factor authentication (MFA) blocks a whopping 99.9% of account hacks, especially those pesky password breaches? It's an extremely cost-effective method to enhance your authentication system's security.
You can activate MFA in Logto with just one click! Watch the quick guide video here:
Configuration steps
Configuring MFA with Logto is straightforward and efficient. Just three simple steps to add an extra layer of defense to your product's authentication. Here's how:
Step 1: Choose your authentication factor
Pick between the Authenticator app or WebAuthn, or why not both, as your primary method.
- Authenticator app OTP, a.k.a. the software security key, is a crowd favorite.
- WebAuthn supports Passkeys for biometrics and hardware security keys; it's gaining traction for its high security and compatibility with various devices. Don't forget to set up a backup method too.
- Those 10 auto-generated, one-time backup codes can be lifesavers when your primary method takes a day off.
Step 2: Decide on your authentication policy
Logto offers two flavors: User-controlled MFA, ideal for consumer products or SaaS; and Mandatory MFA, suited for enterprise or financial applications.
Step 3: Test drive the authentication flow
After a breezy, no-code setup, dive into the Live preview in Sign-in Experience of Logto Console or demo it in your app. Experience the smooth and complete auth flows, from setting up to verifying MFA. For detailed insights and to explore the core authentication flow interfaces, please refer to our comprehensive documentation.
Frequently asked questions
Got questions? We've got answers:
Is Logto's MFA auth flow secure enough?
Absolutely. Logto's MFA sign-in experience is rock-solid for both new and existing users, following your product's MFA policy. Even if an admin deletes a user's MFA in the console, the user will be prompted to set it up again at the next login.
What about WebAuthn?
Sure, WebAuthn offers top-notch security and a device-native experience, but it's a bit of a newbie in some browsers and products. For those new to WebAuthn, our WebAuthn and Passkey 101 article is a treasure trove of info. Logto now supports WebAuthn for MFA to meet most development needs, although it doesn't yet replace passwords for the first step of authentication. Note: WebAuthn in Logto is currently available for all types of applications except Native ones.
How do users manage MFA in their account settings?
Through Logto's Management API, you can integrate the configuration abilities of the Authenticator app OTP and Backup codes, including setup, modification, and deletion. As WebAuthn is domain-bound, it doesn't have a management API yet, but a solution is planned. You can also manage individual users' authentication methods in the User management of Logto console.
Give it a try
Join us on this journey with Logto MFA. We hope it makes your setup and authentication experience smooth and secure.