Add Multi-Factor (MFA)

Add a multi-factor (MFA) to the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey.

application/json
application/grpc
application/grpc-web+proto

Request Body required

type string required
Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION]
Default value: MULTI_FACTOR_TYPE_UNSPECIFIED

Request Body required

type string required
Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION]
Default value: MULTI_FACTOR_TYPE_UNSPECIFIED

Request Body required

type string required
Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION]
Default value: MULTI_FACTOR_TYPE_UNSPECIFIED

Responses

200
400
403
404
default

multi-factor added to default login policy

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

invalid multi-factor type

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the user does not have permission to access the resource.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /policies/login/multi_factors

Authorization

type: oauth2flow: authorizationCodescopes: openid,urn:zitadel:iam:org:project:id:zitadel:aud

Request

Base URL

https://$ZITADEL_DOMAIN/admin/v1

Bearer Token

Content-Type

Body required

{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}

Accept

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/policies/login/multi_factors' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "type": "MULTI_FACTOR_TYPE_UNSPECIFIED"
}'