Multi-factor authentication
Multi-factor authentication (MFA) adds an additional layer of security to your application by requiring users to verify their identity using multiple methods. Ory supports One-Time Codes (OTC) for multi-factor authentication, which can be enabled and configured through the Ory Console.
Enabling Multi-Factor Authentication
To enable MFA for your application, follow these steps:
- Log in to your Ory Console
- Select your workspace and project
- Navigate to the Authentication tab
- Click on Two-factor auth in the sidebar
Configure One-Time Codes
In the Two-factor auth settings, you can enable and configure One-Time Codes for multi-factor authentication:
Enable the "Enable one-time code multi factor authentication" toggle to allow users to receive one-time codes for MFA.
- Require second factor for login: If enabled, users will be forced to complete a second factor challenge before logging in.
- Require second factor for self-service settings: If enabled, users will need to complete a second factor challenge before they can access their settings (e.g., traits, password, and other credentials).
These settings control whether users need to complete a second factor challenge to sign in or modify their settings. If users do not have a second factor set up, this configuration does not affect them.
What users will see
When MFA is enabled, users will see a second authentication screen after logging in:
- The user enters their username/password or uses another primary authentication method
- They see the MFA challenge screen
- A one-time code is sent to their email
- After entering the valid code, they gain access to the application or protected settings
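The flow above, seen from the application's side: an added example (not Ory's own code) that decides what the application does with the result of a session check, so the second-factor requirement is handled on the server and not only in the UI. The response shapes, the `session_aal2_required` error id, the field names and the `classifySessionCheck` helper are assumptions not shown on this page, and the sample responses are constructed.

```javascript
// Added example, not Ory's own code. Assumed response shapes for a session
// check (not shown on this page): 401 = no session; 403 with error id
// "session_aal2_required" = second factor required but not yet completed;
// 200 = session object with `active`, `authenticator_assurance_level`
// and `authentication_methods[]`.
function classifySessionCheck(status, body) {
  if (status === 401) {
    return { action: "login", secondFactorDone: false };
  }
  if (status === 403 && body?.error?.id === "session_aal2_required") {
    return {
      action: "second_factor_challenge",
      secondFactorDone: false,
      redirectTo: body.redirect_browser_to ?? null,
    };
  }
  if (status !== 200 || body?.active !== true) {
    return { action: "deny", secondFactorDone: false }; // fail closed
  }
  const methods = Array.isArray(body.authentication_methods)
    ? body.authentication_methods
    : [];
  // Count the second factor only when the session level and a method agree.
  const secondFactorDone =
    body.authenticator_assurance_level === "aal2" &&
    methods.some((m) => m.aal === "aal2");
  return { action: "allow", secondFactorDone, methods: methods.map((m) => m.method) };
}

// Constructed sample responses (hypothetical values).
const passwordOnly = { active: true, authenticator_assurance_level: "aal1",
  authentication_methods: [{ method: "password", aal: "aal1" }] };
const passwordPlusCode = { active: true, authenticator_assurance_level: "aal2",
  authentication_methods: [{ method: "password", aal: "aal1" },
                           { method: "code", aal: "aal2" }] };
const challengeRequired = { error: { id: "session_aal2_required" },
  redirect_browser_to: "https://auth.example.test/login?aal=aal2" };

console.log(classifySessionCheck(200, passwordOnly));
console.log(classifySessionCheck(200, passwordPlusCode));
console.log(classifySessionCheck(403, challengeRequired));
```

A user without a second factor set up lands in the `passwordOnly` case: access is allowed and `secondFactorDone` is false, which the application can record in its audit log.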