mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-13 23:01:11 +01:00
cf43d3eeed
* Add administrative namespace section to namespaces docs * Tag sys endpoints with restricted admin alert --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
41 lines
1.4 KiB
Plaintext
41 lines
1.4 KiB
Plaintext
---
|
|
layout: api
|
|
page_title: /sys/mfa - HTTP API
|
|
description: >-
|
|
The '/sys/mfa' endpoint focuses on managing MFA behaviors in Vault Enterprise
|
|
MFA.
|
|
---
|
|
|
|
# `/sys/mfa`
|
|
|
|
@include 'alerts/restricted-admin.mdx'
|
|
|
|
The `/sys/mfa` endpoint focuses on managing Multi-factor Authentication (MFA)
|
|
behaviors in Vault Enterprise MFA.
|
|
|
|
## Supported MFA types
|
|
|
|
- [TOTP](/vault/api-docs/system/mfa/totp)
|
|
|
|
- [Okta](/vault/api-docs/system/mfa/okta)
|
|
|
|
- [Duo](/vault/api-docs/system/mfa/duo)
|
|
|
|
- [PingID](/vault/api-docs/system/mfa/pingid)
|
|
|
|
## Step-up enterprise MFA
|
|
|
|
[Vault Enterprise](/vault/docs/enterprise/mfa) allows MFA for login and access to
|
|
sensitive resources in Vault. The Step-up Enterprise MFA expects the method
|
|
creator to specify a name for the method; Login MFA does not, and instead
|
|
returns an ID when a method is created. Although MFA methods supported with Step-up Enterprise MFA are supported with the Login MFA, they use different API endpoints.
|
|
|
|
- Step-up Enterprise MFA: `sys/mfa/method/:type/:/name`
|
|
- Login MFA: `identity/mfa/method/:type`
|
|
|
|
~> **Note:** While the `sys/mfa` endpoint is supported for both Vault Community and Enterprise editions, `sys/mfa/method/:type/:/name` is only supported for Vault Enterprise.
|
|
|
|
Refer to the [Login MFA
|
|
FAQ](/vault/docs/auth/login-mfa/faq#q-are-there-new-mfa-api-endpoints-introduced-as-part-of-the-new-vault-version-1-10-mfa-for-login-functionality) document
|
|
for more details.
|