API for "Force MFA"
Which API can I use to control, (set and/or delete) the two flags "Force MFA for all users" and "Force MFA for local authenticated users only" ?
2 Replies
Hi @stef, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
You can control the "Force MFA for all users" and "Force MFA for local authenticated users only" flags using the login settings endpoints in ZITADEL's APIs. These flags correspond to the properties forceMfa (forces MFA for all users) and forceMfaLocalOnly (forces MFA only for local users) .
- In API V2, use the endpoint:
This endpoint returns both forceMfa and forceMfaLocalOnly in the settings object. You would use the corresponding update endpoint to set or delete these flags (1) .
- In API V1 (Management API) , use:
or for organization-specific policies:
These endpoints also include forceMfa and forceMfaLocalOnly in the policy object. You would use the respective update endpoints to modify these flags (2) (3) .
To learn more, see the sources I considered:
[1] Get the login settings
[2] Get Login Settings
[3] Get Default Login Settings
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
hey @stef for now, you can do it via Update Custom Login Settings and you need
forceMfa and forceMfaLocalOnly to set to true