Multi-Factor Authentication

Enabling MFA

MFA can be enabled by adding require mfa directive inside transform user directive:

{
  security {
    local identity store localdb {
      realm local
      path {$HOME}/.local/caddy/users.json
    }

    authentication portal myportal {
      enable identity store localdb
      transform user {
        match realm local
        require mfa
      }
    }
  }
}

auth.myfiosgateway.com {
  authenticate with myportal
}

Currently, the MFA requirement can be applied only to local identity store type.

Add MFA Authenticator Application

The following screenshot is from /auth/settings/mfa/add/app endpoint:

The QR Code displayed on the page complies Key Uri Format.

In your MFA application, e.g. Microsoft Authenticator, follow these steps to onboard your web account.