/sys/mfa
Restricted endpoint
The API path can only be called from the root namespace.The /sys/mfa
endpoint focuses on managing Multi-factor Authentication (MFA)
behaviors in Vault Enterprise MFA.
Supported MFA types
Step-up enterprise MFA
Vault Enterprise allows MFA for login and access to sensitive resources in Vault. The Step-up Enterprise MFA expects the method creator to specify a name for the method; Login MFA does not, and instead returns an ID when a method is created. Although MFA methods supported with Step-up Enterprise MFA are supported with the Login MFA, they use different API endpoints.
- Step-up Enterprise MFA:
sys/mfa/method/:type/:/name
- Login MFA:
identity/mfa/method/:type
Note: While the sys/mfa
endpoint is supported for both Vault Community and Enterprise editions, sys/mfa/method/:type/:/name
is only supported for Vault Enterprise.
Refer to the Login MFA FAQ document for more details.