config properties mfa
v1.3.2
Type: object (mfa)

Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
acquire_on_login | boolean | Required | cannot be null | Config |
acquire_on_registration | boolean | Required | cannot be null | Config |
device_trust_cookie_name | string | Optional | cannot be null | Config |
device_trust_duration | string | Required | cannot be null | Config |
device_trust_policy | string | Optional | cannot be null | Config |
enabled | boolean | Required | cannot be null | Config |
optional | boolean | Required | cannot be null | Config |
security_keys | object | Optional | cannot be null | Config |
totp | object | Optional | cannot be null | Config |

acquire_on_login
acquire_on_login configures whether users are prompted to create an MFA credential on login.
- is required
- cannot be null
- Type: boolean

acquire_on_registration
acquire_on_registration configures whether users are prompted to create an MFA credential on registration.
- is required
- cannot be null
- Type: boolean
The default value is: true

device_trust_cookie_name
device_trust_cookie_name is the name of the cookie used to store the token of a trusted device.
- is optional
- cannot be null
- Type: string
The default value is: "hanko_device_token"

device_trust_duration
device_trust_duration configures the duration a device remains trusted after authentication; once expired, the user must reauthenticate with MFA.
- is required
- cannot be null
- Type: string
The default value is: "720h"

device_trust_policy
device_trust_policy determines the conditions under which a device or browser is considered trusted, allowing MFA to be skipped for subsequent logins.
- is optional
- cannot be null
- Type: string
enum: the value of this property must be equal to one of the following values:

Value | Explanation |
---|---|
"always" | Devices are trusted without user consent until the trust expires, so MFA is skipped during subsequent logins. |
"prompt" | The user can choose to trust the current device to skip MFA for subsequent logins. |
"never" | Devices are considered untrusted, so MFA is required for each login. |

The default value is: "prompt"

enabled
enabled determines whether multi-factor authentication is enabled.
- is required
- cannot be null
- Type: boolean
The default value is: true

optional
optional determines whether users must create an MFA credential when prompted. The MFA credential cannot be deleted if multi-factor authentication is required (optional: false).
- is required
- cannot be null
- Type: boolean
The default value is: true

security_keys
security_keys configures security key settings for multi-factor authentication.
- is optional
- cannot be null
- Type: object (security_keys)

totp
totp configures the TOTP (Time-Based One-Time Password) method for multi-factor authentication.
- is optional
- cannot be null
- Type: object (totp)
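
An added example (not part of Hanko's code or documentation): a small Go audit of the properties above that reports settings which relax MFA enforcement. The `MFAConfig` struct, `AuditMFA`, the 7-day `maxTrust` limit, and the assumption that `device_trust_duration` uses Go duration syntax (as in "720h") are hypothetical choices made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// MFAConfig is a hypothetical struct mirroring the mfa properties on this page.
type MFAConfig struct {
	Enabled, Optional                      bool
	AcquireOnLogin, AcquireOnRegistration  bool
	DeviceTrustPolicy, DeviceTrustDuration string
}

// maxTrust is an assumed local policy limit, not a value from the schema.
const maxTrust = 7 * 24 * time.Hour

// AuditMFA returns one finding per setting that weakens MFA enforcement.
// The caller is expected to have applied the schema defaults first.
func AuditMFA(c MFAConfig) []string {
	if !c.Enabled {
		return []string{"enabled=false: multi-factor authentication is off"}
	}
	var out []string
	if c.Optional {
		out = append(out, "optional=true: users are not required to create an MFA credential")
	}
	if !c.AcquireOnLogin && !c.AcquireOnRegistration {
		out = append(out, "acquire_on_login and acquire_on_registration are both false: no enrolment prompt")
	}
	switch c.DeviceTrustPolicy {
	case "never", "prompt": // MFA on every login, or trust only with user consent
	case "always":
		out = append(out, "device_trust_policy=always: devices are trusted without user consent")
	default:
		out = append(out, fmt.Sprintf("device_trust_policy=%q is not one of always, prompt, never", c.DeviceTrustPolicy))
	}
	d, err := time.ParseDuration(c.DeviceTrustDuration) // assumption: Go duration syntax
	if err != nil || d <= 0 {
		out = append(out, fmt.Sprintf("device_trust_duration=%q is not a positive duration", c.DeviceTrustDuration))
	} else if c.DeviceTrustPolicy != "never" && d > maxTrust {
		out = append(out, fmt.Sprintf("device_trust_duration=%s exceeds %s: MFA is skipped on trusted devices for that long", d, maxTrust))
	}
	return out
}

func main() {
	// Constructed input: the defaults listed on this page; acquire_on_login=false is an assumption.
	defaults := MFAConfig{Enabled: true, Optional: true, AcquireOnRegistration: true,
		DeviceTrustPolicy: "prompt", DeviceTrustDuration: "720h"}
	for _, finding := range AuditMFA(defaults) {
		fmt.Println(finding)
	}
}
```

With the page's defaults, the audit reports the optional enrolment and the 720h trust window; setting `optional: false` and `device_trust_policy: "never"` clears both findings.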