19:["$","$L23",null,{"channelId":"$n1447516431439630457","after":"$n1447516431439630457","solutionMessageId":"$undefined","firstMessage":"$c:props:headerData:firstMessage","server":"$c:props:headerData:server","channel":"$c:props:headerData:channel","initialData":{"continueCursor":"07b6b986dd7a4f2a09871641131d9dc83235d931d2ba14ddee7f8c9826007ed168109bb16b01dab26569b69fe103d37cd515587341d1875600639041ac31e7ab35ba9360f342e752af7d115a96","isDone":true,"page":[{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610660482.532,"_id":"k175a44e98dnvk54dcwpmh6c0d7x6kg4","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"Hi <@1034754381792415804>, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.","embeds":[],"flags":4,"id":"$n1447516435071897632","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1034754381792415804":{"exists":true,"globalName":null,"url":"/u/1034754381792415804","username":"Shanil Sasikumar"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610660581.6794,"_id":"k17aq0r0y04151h3k2fp2f1j5n7x672k","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"$24","embeds":[],"flags":4,"id":"$n1447516481678999634","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610660685.1692,"_id":"k176y8ghgttzzbm5qyhr4h7xyn7x6cc3","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"\nTo learn more, see the sources I considered:\n\n[[1] List Second Factors (2FA)](https://zitadel.com/docs/apis/resources/admin/admin-service-list-login-policy-second-factors)\n[[2] Add Second Factor (2FA)](https://zitadel.com/docs/apis/resources/admin/admin-service-add-second-factor-to-login-policy)\n[[3] MFA self management does not respect login policy](https://github.com/zitadel/zitadel/issues/9176)\n","embeds":[],"flags":4,"id":"$n1447516484451700788","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610660782.343,"_id":"k172wyg19qe10gw5xhbak81vmx7x67t8","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"Feel free to tag <@1145576664366055464> with additional questions.","embeds":[],"flags":4,"id":"$n1447516485969776741","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1145576664366055464":{"exists":true,"globalName":null,"url":"/u/1145576664366055464","username":"Ask Inkeep"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610674162.4895,"_id":"k172pjc9gr4t53f7jvdbe1nwqs7x6med","applicationId":"$n1145576664366055464","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"Got it. Tagging <@1346540274674827395> for additional help.","embeds":[],"flags":4,"id":"$n1447523252691013663","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1447516484451700788","serverId":"$n927474939156643850","tts":false,"type":19,"webhookId":"$n1145576664366055464"},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610660685.1692,"_id":"k176y8ghgttzzbm5qyhr4h7xyn7x6cc3","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"\nTo learn more, see the sources I considered:\n\n[[1] List Second Factors (2FA)](https://zitadel.com/docs/apis/resources/admin/admin-service-list-login-policy-second-factors)\n[[2] Add Second Factor (2FA)](https://zitadel.com/docs/apis/resources/admin/admin-service-add-second-factor-to-login-policy)\n[[3] MFA self management does not respect login policy](https://github.com/zitadel/zitadel/issues/9176)\n","embeds":[],"flags":4,"id":"$n1447516484451700788","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},"messageId":"$n1447516484451700788"},"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1765610675970.228,"_id":"k177szqx3f5ex39n8e6jw3s6gd7x7jna","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"hey <@1034754381792415804> good morning, yes you are right, 2FA (second factors / MFA) is configured and enforced at the org login policy level, not per user.","embeds":[],"flags":0,"id":"$n1447524088682774603","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1034754381792415804":{"exists":true,"globalName":null,"url":"/u/1034754381792415804","username":"Shanil Sasikumar"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1765702181004.4116,"_id":"k179912g37vb7tznhsqdj12ma57x94em","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"hey <@1034754381792415804> you can mark my answer with ✅ and it will auto close this thread. 🙂 Thank you","embeds":[],"flags":0,"id":"$n1449684760828969146","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1034754381792415804":{"exists":true,"globalName":null,"url":"/u/1034754381792415804","username":"Shanil Sasikumar"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"e69febaaa0d49905add58ce7e3cf44c3","id":"$n696318009383321642","name":"Joebeurg"},"message":{"_creationTime":1765716061959.8691,"_id":"k17bpq31bv2nc7mq6b12r433tn7x85s2","authorId":"$n696318009383321642","channelId":"$n1447516431439630457","content":"<@1346540274674827395> how does this scenario work:\nUser A belongs to the default ORG A, and was granted roles and projects in ORG B and ORG C. \nDEFAULT ORG A: optional MFA,username/password the deafult\nORG B: enforces MFA\nORG C: has SSO\nHow does the user then login? Will they be able to use MFA/SSO even though they belong to a different org but has grants from other ones with such policies? \nThis setup scenario is to have one account across multiple ORGs.","embeds":[],"flags":0,"id":"$n1449742980100522057","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1765772789303.69,"_id":"k1738bxh2d2e1ckcq8ybqrre7d7xam5n","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"So I spent some time thinking and it's a pretty interesting use case 🤗\n\nWhen User A logs in, they authenticate according to org A's login policy (optional MFA, username/password). The user would not be forced to use mfa during login, even though they have grants in org B which enforces mfa.\n\n\nIf the authentication request includes an organization scope parameter (like ‘urn<:zitadel:1021704273140138034>iam:org:id:{orgB_id})‘ the login policy of that specified organization (org B) would apply\nWithout an explicit organization scope, the user's home organization (org A) policy should apply.\n\nGrants determine authorization (what the user can access/do in other orgs), but the authentication policy is determined by the orgs context, basically the user's home organization unless explicitly overridden by scope parameters(like above)\n\nJust having grants in org C doesn't automatically make org C's SSO providers available when logging in from org A","embeds":[],"flags":0,"id":"$n1449980909427097641","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1449742980100522057","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"e69febaaa0d49905add58ce7e3cf44c3","id":"$n696318009383321642","name":"Joebeurg"},"message":{"_creationTime":1765716061959.8691,"_id":"k17bpq31bv2nc7mq6b12r433tn7x85s2","authorId":"$n696318009383321642","channelId":"$n1447516431439630457","content":"<@1346540274674827395> how does this scenario work:\nUser A belongs to the default ORG A, and was granted roles and projects in ORG B and ORG C. \nDEFAULT ORG A: optional MFA,username/password the deafult\nORG B: enforces MFA\nORG C: has SSO\nHow does the user then login? Will they be able to use MFA/SSO even though they belong to a different org but has grants from other ones with such policies? \nThis setup scenario is to have one account across multiple ORGs.","embeds":[],"flags":0,"id":"$n1449742980100522057","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"solutions":[]},"messageId":"$n1449742980100522057"},"solutions":[]},{"attachments":[],"author":{"avatar":"e69febaaa0d49905add58ce7e3cf44c3","id":"$n696318009383321642","name":"Joebeurg"},"message":{"_creationTime":1765786136813.651,"_id":"k17d3ergbp3hh3fvg4rfam167h7xb0mj","authorId":"$n696318009383321642","channelId":"$n1447516431439630457","content":"Well explained, thanks man 🤜","embeds":[],"flags":0,"id":"$n1450036897370996850","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1449980909427097641","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1765772789303.69,"_id":"k1738bxh2d2e1ckcq8ybqrre7d7xam5n","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"So I spent some time thinking and it's a pretty interesting use case 🤗\n\nWhen User A logs in, they authenticate according to org A's login policy (optional MFA, username/password). The user would not be forced to use mfa during login, even though they have grants in org B which enforces mfa.\n\n\nIf the authentication request includes an organization scope parameter (like ‘urn<:zitadel:1021704273140138034>iam:org:id:{orgB_id})‘ the login policy of that specified organization (org B) would apply\nWithout an explicit organization scope, the user's home organization (org A) policy should apply.\n\nGrants determine authorization (what the user can access/do in other orgs), but the authentication policy is determined by the orgs context, basically the user's home organization unless explicitly overridden by scope parameters(like above)\n\nJust having grants in org C doesn't automatically make org C's SSO providers available when logging in from org A","embeds":[],"flags":0,"id":"$n1449980909427097641","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1449742980100522057","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{},"reactions":[],"solutions":[]},"messageId":"$n1449980909427097641"},"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1765787257597.6357,"_id":"k179captwc6ygphtb8t7z8xe2s7xb10v","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"Awesome!\nFeel free to start a new thread and I'll close this meanwhile\nThank you :))","embeds":[],"flags":0,"id":"$n1450041598413897738","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1766033928190.6494,"_id":"k175r6hvb9ft65jrzjg4zngnjx7xhx9g","applicationId":"$n1145576664366055464","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"Glad I could be helpful. Feel free to create a new thread with any new questions you may have.","embeds":[],"flags":4,"id":"$n1450041626184388668","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1447516484451700788","serverId":"$n927474939156643850","tts":false,"type":19,"webhookId":"$n1145576664366055464"},"metadata":{},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"0efc1af80484b119e7c9e110710e03ba","id":"$n1145576664366055464","name":"Ask Inkeep"},"message":{"_creationTime":1765610660685.1692,"_id":"k176y8ghgttzzbm5qyhr4h7xyn7x6cc3","authorId":"$n1145576664366055464","channelId":"$n1447516431439630457","content":"\nTo learn more, see the sources I considered:\n\n[[1] List Second Factors (2FA)](https://zitadel.com/docs/apis/resources/admin/admin-service-list-login-policy-second-factors)\n[[2] Add Second Factor (2FA)](https://zitadel.com/docs/apis/resources/admin/admin-service-add-second-factor-to-login-policy)\n[[3] MFA self management does not respect login policy](https://github.com/zitadel/zitadel/issues/9176)\n","embeds":[],"flags":4,"id":"$n1447516484451700788","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},"messageId":"$n1447516484451700788"},"solutions":[]},{"attachments":[],"author":{"avatar":"4e70dfa6a1756743179a610577e430a2","id":"$n1034754381792415804","name":"Shanil Sasikumar"},"message":{"_creationTime":1768199303565.8098,"_id":"k17bn42vh62df1rfkd0y52qqwx7z2tym","authorId":"$n1034754381792415804","channelId":"$n1447516431439630457","content":"Thank you, <@403882453653127168> , for the quick response.\n\nInstead of using the admin-service-add-second-factor-to-login-policy API mentioned here:\nhttps://zitadel.com/docs/apis/resources/admin/admin-service-add-second-factor-to-login-policy\n\nis it possible to configure this directly from the ZITADEL UI?\n\nSpecifically:\n\nCan MFA be enabled or managed from the Organization settings in the UI?\n\nIs it possible to configure multiple MFA methods simultaneously for users?\n\nLooking forward to your guidance. Thanks in advance!","embeds":[],"flags":4,"id":"$n1460158437123166333","nonce":"1460158442202202112","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1447524088682774603","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{"users":{"403882453653127168":{"exists":true,"globalName":null,"url":"/u/403882453653127168","username":"Rajat Singh"}}},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1765610675970.228,"_id":"k177szqx3f5ex39n8e6jw3s6gd7x7jna","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"hey <@1034754381792415804> good morning, yes you are right, 2FA (second factors / MFA) is configured and enforced at the org login policy level, not per user.","embeds":[],"flags":0,"id":"$n1447524088682774603","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1034754381792415804":{"exists":true,"globalName":null,"url":"/u/1034754381792415804","username":"Shanil Sasikumar"}}},"reactions":[],"solutions":[]},"messageId":"$n1447524088682774603"},"solutions":[]},{"attachments":[{"_creationTime":1768200182831.3813,"_id":"j97cdv3gnz0r1f1yh7jy810hyn7z3234","contentType":"image/png","filename":"image.png","height":1420,"id":"$n1460162125384126568","messageId":"$n1460162127422816438","size":189996,"url":"https://cdn.answeroverflow.com/1460162125384126568/image.png","width":1912}],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1768200182831.381,"_id":"k17bve7y6vswng8yw5ne2smcd57z3wqe","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"hey <@1034754381792415804> good afternoon 🌅 \n> *Can MFA be enabled or managed from the Organization settings in the UI?*\n\nYes.\n\nGo to your Organization -> Settings -> Login Behavior and Security.\nURL would be `https://your-domain>/ui/console/org-settings?id=login`\nIn this menu, you can:\nAdd allowed methods under the \"Second factors\" section (e.g., TOTP).\nAdd allowed methods under the \"Multi factors\" section.\nEnable the \"Force Multi Factor\" toggle","embeds":[],"flags":0,"id":"$n1460162127422816438","nonce":"1460162121928015872","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1460158437123166333","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{"users":{"1034754381792415804":{"exists":true,"globalName":null,"url":"/u/1034754381792415804","username":"Shanil Sasikumar"}}},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"4e70dfa6a1756743179a610577e430a2","id":"$n1034754381792415804","name":"Shanil Sasikumar"},"message":{"_creationTime":1768199303565.8098,"_id":"k17bn42vh62df1rfkd0y52qqwx7z2tym","authorId":"$n1034754381792415804","channelId":"$n1447516431439630457","content":"Thank you, <@403882453653127168> , for the quick response.\n\nInstead of using the admin-service-add-second-factor-to-login-policy API mentioned here:\nhttps://zitadel.com/docs/apis/resources/admin/admin-service-add-second-factor-to-login-policy\n\nis it possible to configure this directly from the ZITADEL UI?\n\nSpecifically:\n\nCan MFA be enabled or managed from the Organization settings in the UI?\n\nIs it possible to configure multiple MFA methods simultaneously for users?\n\nLooking forward to your guidance. Thanks in advance!","embeds":[],"flags":4,"id":"$n1460158437123166333","nonce":"1460158442202202112","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1447524088682774603","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{"users":{"403882453653127168":{"exists":true,"globalName":null,"url":"/u/403882453653127168","username":"Rajat Singh"}}},"reactions":[],"solutions":[]},"messageId":"$n1460158437123166333"},"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1768200279467.1267,"_id":"k179bqs3swvdmjdzak8kr54mr57z2vk8","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"> *Is it possible to configure multiple MFA methods simultaneously for users?*\n\nYes.\nAdmin Side: In the Login Policy UI referenced above, **you can add both TOTP and U2F simultaneously **as allowed methods.\n\nUser Side: A user can enroll in multiple methods at once (e.g., they can set up Google Authenticator on their phone and register a YubiKey). During login, Zitadel will let them choose which method they want to use to verify. 🙂","embeds":[],"flags":0,"id":"$n1460162535889305773","nonce":"1460162534630752256","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},{"attachments":[{"_creationTime":1768200889102.1958,"_id":"j9794xs40t8s9w4wker48bh3e57z2nb9","contentType":"image/png","filename":"Screenshot_2026-01-12_121128.png","height":501,"id":"$n1460165098839605328","messageId":"$n1460165099166892113","size":32363,"url":"https://cdn.answeroverflow.com/1460165098839605328/Screenshot_2026-01-12_121128.png","width":666}],"author":{"avatar":"4e70dfa6a1756743179a610577e430a2","id":"$n1034754381792415804","name":"Shanil Sasikumar"},"message":{"_creationTime":1768200889102.1956,"_id":"k17dmfy9ygc68mz22z2rn8c4d17z3840","authorId":"$n1034754381792415804","channelId":"$n1447516431439630457","content":"<@1346540274674827395> \nI have one more clarification.\n\n1. What is the difference between “locally authenticated users” and “all users” in ZITADEL?\n\n2. Is it possible to enable One-Time Password via Email (Email OTP) and One-Time Password via SMS (SMS OTP) at the same time?\n\nFrom the ZITADEL UI, it appears that enabling both Email OTP and SMS OTP simultaneously is not supported","embeds":[],"flags":0,"id":"$n1460165099166892113","nonce":"1460165102761148416","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1768203167574.0293,"_id":"k1764mqtyx2rw23txvwgk98cc57z28m3","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"Locally Authenticated Users These are users whose accounts were created directly inside Zitadel. It holds their username and manages their password check.\n\nAll Users is the total group of everyone who can log in. It includes:\nThe Locally authenticated users.\nAnyone who logs in using [external options](https://zitadel.com/docs/guides/integrate/identity-providers/introduction#external-identity-providers-and-sso-authentication) like Google, Microsoft or any other IDP","embeds":[],"flags":4,"id":"$n1460174652037927091","nonce":"1460174650406338560","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1460165099166892113","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{},"reactions":[],"reference":{"message":{"attachments":[{"_creationTime":1768200889102.1958,"_id":"j9794xs40t8s9w4wker48bh3e57z2nb9","contentType":"image/png","filename":"Screenshot_2026-01-12_121128.png","height":501,"id":"$n1460165098839605328","messageId":"$n1460165099166892113","size":32363,"url":"https://cdn.answeroverflow.com/1460165098839605328/Screenshot_2026-01-12_121128.png","width":666}],"author":{"avatar":"4e70dfa6a1756743179a610577e430a2","id":"$n1034754381792415804","name":"Shanil Sasikumar"},"message":{"_creationTime":1768200889102.1956,"_id":"k17dmfy9ygc68mz22z2rn8c4d17z3840","authorId":"$n1034754381792415804","channelId":"$n1447516431439630457","content":"<@1346540274674827395> \nI have one more clarification.\n\n1. What is the difference between “locally authenticated users” and “all users” in ZITADEL?\n\n2. Is it possible to enable One-Time Password via Email (Email OTP) and One-Time Password via SMS (SMS OTP) at the same time?\n\nFrom the ZITADEL UI, it appears that enabling both Email OTP and SMS OTP simultaneously is not supported","embeds":[],"flags":0,"id":"$n1460165099166892113","nonce":"1460165102761148416","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"solutions":[]},"messageId":"$n1460165099166892113"},"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1768203214521.3008,"_id":"k1772bht0n3jjppjh8mzbskaj57z2acz","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"And Yes, you can enable both Email OTP and SMS OTP at the same time. 🙂","embeds":[],"flags":0,"id":"$n1460174853083758755","nonce":"1460174851338665984","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"4e70dfa6a1756743179a610577e430a2","id":"$n1034754381792415804","name":"Shanil Sasikumar"},"message":{"_creationTime":1768285238847.6118,"_id":"k17ehqjgrrxsms4m206cbrne4h7z4sew","authorId":"$n1034754381792415804","channelId":"$n1447516431439630457","content":"<@1346540274674827395> Is Passkey (WebAuthn/FIDO2) authentication currently supported in ZITADEL with custom login screens?\nIf not, is it on the roadmap, and is there an estimated timeline for when it will be available?","embeds":[],"flags":0,"id":"$n1460518887887081717","nonce":"1460518886519603200","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"solutions":[]},{"attachments":[],"author":{"avatar":"e5b480de7fdb76af05498f7ece7a4625","id":"$n1346540274674827395","name":"Rajat"},"message":{"_creationTime":1768285451320.1836,"_id":"k173zp3qtrbw1e83qf8w64zt5x7z5a84","authorId":"$n1346540274674827395","channelId":"$n1447516431439630457","content":"hey <@1034754381792415804> good morning. yes its supported 🙂\nYou can read [Using Passkeys in a Custom Login UI](https://zitadel.com/docs/guides/integrate/login-ui/passkey)\nYou can [register WebAuthn](https://zitadel.com/docs/guides/integrate/login-ui/passkey#register-new-passkey-on-current-device:~:text=For%20more%20information%20about%20WebAuthN%20and%20registering%20credential%20flow%2C%20read%20the%20following%20guide%3A%20Registering%20a%20WebAuthN%20Credentials), which is also documented on that page\nlet me know if that helped","embeds":[],"flags":4,"id":"$n1460519781034623067","nonce":"1460519779751165952","parentChannelId":"$n1019895518383583323","pinned":false,"referenceId":"$n1460518887887081717","serverId":"$n927474939156643850","tts":false,"type":19},"metadata":{"users":{"1034754381792415804":{"exists":true,"globalName":null,"url":"/u/1034754381792415804","username":"Shanil Sasikumar"}}},"reactions":[],"reference":{"message":{"attachments":[],"author":{"avatar":"4e70dfa6a1756743179a610577e430a2","id":"$n1034754381792415804","name":"Shanil Sasikumar"},"message":{"_creationTime":1768285238847.6118,"_id":"k17ehqjgrrxsms4m206cbrne4h7z4sew","authorId":"$n1034754381792415804","channelId":"$n1447516431439630457","content":"<@1346540274674827395> Is Passkey (WebAuthn/FIDO2) authentication currently supported in ZITADEL with custom login screens?\nIf not, is it on the roadmap, and is there an estimated timeline for when it will be available?","embeds":[],"flags":0,"id":"$n1460518887887081717","nonce":"1460518886519603200","parentChannelId":"$n1019895518383583323","pinned":false,"serverId":"$n927474939156643850","tts":false,"type":0},"metadata":{"users":{"1346540274674827395":{"exists":true,"globalName":null,"url":"/u/1346540274674827395","username":"Rajat"}}},"reactions":[],"solutions":[]},"messageId":"$n1460518887887081717"},"solutions":[]}]},"nextCursor":null,"currentCursor":null}]

Is it possible to enable Two-Factor Authentication (2FA) for specific users in ZITADEL?

Similar Threads