mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 15:11:07 +02:00
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
44 lines
1.9 KiB
Plaintext
44 lines
1.9 KiB
Plaintext
---
|
|
layout: api
|
|
page_title: /sys/mfa - HTTP API
|
|
description: >-
|
|
The '/sys/mfa' endpoint focuses on managing MFA behaviors in Vault Enterprise
|
|
MFA.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# `/sys/mfa`
|
|
|
|
@include 'alerts/restricted-root.mdx'
|
|
|
|
The `/sys/mfa` endpoint focuses on managing Multi-factor Authentication (MFA)
|
|
behaviors in Vault Enterprise MFA.
|
|
|
|
## Supported MFA types
|
|
|
|
- [TOTP](/vault/api-docs/system/mfa/totp)
|
|
|
|
- [Okta](/vault/api-docs/system/mfa/okta)
|
|
|
|
- [Duo](/vault/api-docs/system/mfa/duo)
|
|
|
|
- [PingID](/vault/api-docs/system/mfa/pingid)
|
|
|
|
## Step-up enterprise MFA
|
|
|
|
[Vault Enterprise](/vault/docs/enterprise/mfa) allows MFA for login and access to
|
|
sensitive resources in Vault. The Step-up Enterprise MFA expects the method
|
|
creator to specify a name for the method; Login MFA does not, and instead
|
|
returns an ID when a method is created. Although MFA methods supported with Step-up Enterprise MFA are supported with the Login MFA, they use different API endpoints.
|
|
|
|
- Step-up Enterprise MFA: `sys/mfa/method/:type/:/name`
|
|
- Login MFA: `identity/mfa/method/:type`
|
|
|
|
~> **Note:** While the `sys/mfa` endpoint is supported for both Vault Community and Enterprise editions, `sys/mfa/method/:type/:/name` is only supported for Vault Enterprise.
|
|
|
|
Refer to the [Login MFA
|
|
FAQ](/vault/docs/auth/login-mfa/faq#q-are-there-new-mfa-api-endpoints-introduced-as-part-of-the-new-vault-version-1-10-mfa-for-login-functionality) document
|
|
for more details.
|