Skip to content

config properties mfa

Jump to bottom
GitHub Action edited this page Dec 11, 2024 · 3 revisions

Version

v1.3.0

mfa Type

object (mfa)

mfa Properties

Property Type Required Nullable Defined by
acquire_on_login boolean Required cannot be null Config
acquire_on_registration boolean Required cannot be null Config
device_trust_cookie_name string Optional cannot be null Config
device_trust_duration string Required cannot be null Config
device_trust_policy string Optional cannot be null Config
enabled boolean Required cannot be null Config
optional boolean Required cannot be null Config
security_keys object Optional cannot be null Config
totp object Optional cannot be null Config

acquire_on_login

acquire_on_login configures if users are prompted creating an MFA credential on login.

acquire_on_login

  • is required

  • cannot be null

acquire_on_login Type

boolean

acquire_on_registration

acquire_on_registration configures if users are prompted creating an MFA credential on registration.

acquire_on_registration

  • is required

  • cannot be null

acquire_on_registration Type

boolean

acquire_on_registration Default Value

The default value is:

true

device_trust_cookie_name

device_trust_cookie_name is the name of the cookie used to store the token of a trusted device.

device_trust_cookie_name

  • is optional

  • cannot be null

device_trust_cookie_name Type

string

device_trust_cookie_name Default Value

The default value is:

"hanko_device_token"

device_trust_duration

device_trust_duration configures the duration a device remains trusted after authentication; once expired, the user must reauthenticate with MFA.

device_trust_duration

  • is required

  • cannot be null

device_trust_duration Type

string

device_trust_duration Default Value

The default value is:

"720h"

device_trust_policy

device_trust_policy determines the conditions under which a device or browser is considered trusted, allowing MFA to be skipped for subsequent logins.

device_trust_policy

  • is optional

  • cannot be null

device_trust_policy Type

string

device_trust_policy Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"always" Devices are trusted without user consent until the trust expires, so MFA is skipped during subsequent logins.
"prompt" The user can choose to trust the current device to skip MFA for subsequent logins.
"never" Devices are considered untrusted, so MFA is required for each login.

device_trust_policy Default Value

The default value is:

"prompt"

enabled

enabled determines whether multi-factor-authentication is enabled.

enabled

  • is required

  • cannot be null

enabled Type

boolean

enabled Default Value

The default value is:

true

optional

optional determines whether users must create an MFA credential when prompted. The MFA credential cannot be deleted if multi-factor-authentication is required (optional: false).

optional

  • is required

  • cannot be null

optional Type

boolean

optional Default Value

The default value is:

true

security_keys

security_keys configures security key settings for multi-factor-authentication

security_keys

  • is optional

  • cannot be null

security_keys Type

object (security_keys)

totp

totp configures the TOTP (Time-Based One-Time-Password) method for multi-factor-authentication.

totp

  • is optional

  • cannot be null

totp Type

object (totp)

Clone this wiki locally