Skip to main content

Multi-Factor Authentication

Enabling MFA

MFA can be enabled by adding require mfa directive inside transform user directive:

{
security {
local identity store localdb {
realm local
path {$HOME}/.local/caddy/users.json
}

authentication portal myportal {
enable identity store localdb
transform user {
match realm local
require mfa
}
}
}
}

auth.myfiosgateway.com {
authenticate with myportal
}

Currently, the MFA requirement can be applied only to local identity store type.

Add MFA Authenticator Application

The following screenshot is from /auth/settings/mfa/add/app endpoint:

The QR Code displayed on the page complies Key Uri Format.

In your MFA application, e.g. Microsoft Authenticator, follow these steps to onboard your web account.