Erica Thompson 0660ea6fac
Update README (#31244)
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

44 lines
1.9 KiB
Plaintext

---
layout: api
page_title: /sys/mfa - HTTP API
description: >-
The '/sys/mfa' endpoint focuses on managing MFA behaviors in Vault Enterprise
MFA.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# `/sys/mfa`
@include 'alerts/restricted-root.mdx'
The `/sys/mfa` endpoint focuses on managing Multi-factor Authentication (MFA)
behaviors in Vault Enterprise MFA.
## Supported MFA types
- [TOTP](/vault/api-docs/system/mfa/totp)
- [Okta](/vault/api-docs/system/mfa/okta)
- [Duo](/vault/api-docs/system/mfa/duo)
- [PingID](/vault/api-docs/system/mfa/pingid)
## Step-up enterprise MFA
[Vault Enterprise](/vault/docs/enterprise/mfa) allows MFA for login and access to
sensitive resources in Vault. The Step-up Enterprise MFA expects the method
creator to specify a name for the method; Login MFA does not, and instead
returns an ID when a method is created. Although MFA methods supported with Step-up Enterprise MFA are supported with the Login MFA, they use different API endpoints.
- Step-up Enterprise MFA: `sys/mfa/method/:type/:/name`
- Login MFA: `identity/mfa/method/:type`
~> **Note:** While the `sys/mfa` endpoint is supported for both Vault Community and Enterprise editions, `sys/mfa/method/:type/:/name` is only supported for Vault Enterprise.
Refer to the [Login MFA
FAQ](/vault/docs/auth/login-mfa/faq#q-are-there-new-mfa-api-endpoints-introduced-as-part-of-the-new-vault-version-1-10-mfa-for-login-functionality) document
for more details.