Skip to main content

Multi-Factor Authentication

Enabling MFA

MFA can be enabled by adding require mfa directive inside transform user directive:

security {
local identity store localdb {
realm local
path {$HOME}/.local/caddy/users.json

authentication portal myportal {
enable identity store localdb
transform user {
match realm local
require mfa
} {
authenticate with myportal

Currently, the MFA requirement can be applied only to local identity store type.

Add MFA Authenticator Application

The following screenshot is from /auth/settings/mfa/add/app endpoint:

The QR Code displayed on the page complies Key Uri Format.

In your MFA application, e.g. Microsoft Authenticator, follow these steps to onboard your web account.