stef•2mo ago

API for "Force MFA"

Which API can I use to control, (set and/or delete) the two flags "Force MFA for all users" and "Force MFA for local authenticated users only" ?

4 Replies

Ask Inkeep•2mo ago

Hi @stef, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer You can control the "Force MFA for all users" and "Force MFA for local authenticated users only" flags using the login settings endpoints in ZITADEL's APIs. These flags correspond to the properties forceMfa (forces MFA for all users) and forceMfaLocalOnly (forces MFA only for local users) . - In API V2, use the endpoint:

  GET <https://$CUSTOM-DOMAIN/v2/settings/login>

  GET <https://$CUSTOM-DOMAIN/v2/settings/login>

This endpoint returns both forceMfa and forceMfaLocalOnly in the settings object. You would use the corresponding update endpoint to set or delete these flags (1) . - In API V1 (Management API) , use:

  GET <https://$CUSTOM-DOMAIN/management/v1/policies/default/login>

  GET <https://$CUSTOM-DOMAIN/management/v1/policies/default/login>

or for organization-specific policies:

  GET <https://$CUSTOM-DOMAIN/admin/v1/policies/login>

  GET <https://$CUSTOM-DOMAIN/admin/v1/policies/login>

These endpoints also include forceMfa and forceMfaLocalOnly in the policy object. You would use the respective update endpoints to modify these flags (2) (3) . To learn more, see the sources I considered: [1] Get the login settings [2] Get Login Settings [3] Get Default Login Settings Feel free to tag @Ask Inkeep with additional questions. Got it. Tagging @Rajat for additional help.

Rajat•2mo ago

hey @stef for now, you can do it via Update Custom Login Settings and you need forceMfa and forceMfaLocalOnly to set to true

stefOP•2mo ago

Hey Rajat. thank you! problem solved 🙂

Rajat•2mo ago

hey @stef you can mark my answer with ✅ and it will auto close this thread.

API for "Force MFA"

Did you find this page helpful?