A new platform for documentation and tutorials is launching soon.
We are migrating Vault documentation into HashiCorp Developer, our new developer experience.
/sys/mfa endpoint focuses on managing Multi-factor Authentication (MFA)
behaviors in Vault Enterprise MFA.
»Supported MFA types
»Step-up Enterprise MFA
Vault Enterprise allows MFA for login and access to sensitive resources in Vault. The Step-up Enterprise MFA expects the method creator to specify a name for the method; Login MFA does not, and instead returns an ID when a method is created. Although MFA methods supported with Step-up Enterprise MFA are supported with the Login MFA, they use different API endpoints.
- Step-up Enterprise MFA:
- Login MFA:
Note: While the
sys/mfa endpoint is supported for both OSS and Vault Enterprise,
sys/mfa/method/:type/:/name is only supported for Vault Enterprise.
Refer to the Login MFA FAQ document for more details.