
Multi-Factor Authentication (MFA)


Multi-factor authentication (MFA) strengthens login security by requiring two steps: the user first enters their password, then provides a one-time code. In Auth.it, this code can either be generated by a TOTP authenticator app or sent by email.

By default, MFA is disabled. To enable it:

  1. In the Authentication view, locate the Multi-Factor Authentication section.
  2. Click Enable Multi-Factor Authentication to open the settings window.
  3. Switch the first toggle from Disabled to Enabled.

Optionally, to require MFA for all users, switch the second toggle from Not required to Required.

Configuring MFA

By default, Auth.it prompts users to enter a one-time code generated by their authenticator app. The setup screen displays a QR code in a standard format recognized by most apps, including Microsoft Authenticator, Google Authenticator, Authy, 1Password, and FreeOTP.

If you prefer to deliver one-time codes by email, select Email in the Type dropdown.

Click Save changes when you’re done configuring MFA.

Once MFA is enabled and required, the next time a user logs in with their username and password, one of the following happens:

  • With app-based MFA, the user is shown a Mobile Authenticator Setup screen to configure their TOTP app (such as Google Authenticator) using a QR code. After scanning the code, they enter a one-time code to complete setup. On subsequent logins, they’ll be prompted to enter a new one-time code from their authenticator app.
  • With email-based MFA, no setup is required. On each login, the user receives an email with a one-time code that they must enter.