Multi-Factor Authentication

Next-level security for your app

Unlock advanced authentication methods using authenticator apps (TOTP) and SMS passcodes.

Enter your secure
passcode to continue
8
4
Verify Code
Your one-time passcode is:
845 725
20
Text message
Today at 12:23 PM
Your secure sign-in code is 845725

Your app. Your rules.
Secure by design.

Multi-Factor Authentication

Your app’s architecture for advanced security

TOTP

Time-based One-Time Password supported

SMS

Phone number passcodes enabled

Frictionless integration. Compatible with your needs.

With a few API calls, you can integrate MFA into an existing application, regardless of the authentication layer or session management strategy.

Enroll, activate, and verify authentication factors

A composable, unopinionated set of endpoints that can be integrated into an existing application.


// Register an additional factor of authentication
// such as Time-based One Time Password (TOTP)

import WorkOS from '@workos-inc/node';

const workos = new WorkOS('sk_example_123456');

await workos.mfa.enrollFactor({
  type: 'totp',
  issuer: 'Foo Corp',
  user: 'alan.turing@foo-corp.com',
});



# Register an additional factor of authentication
# such as Time-based One Time Password (TOTP)

require 'workos'

WorkOS.key = 'sk_example_123456'

factor = WorkOS::MFA.enroll_factor(
  type: 'totp',
  totp_issuer: 'Foo Corp',
  totp_user: 'alan.turing@foo-corp.com',
)



# Register an additional factor of authentication
# such as Time-based One Time Password (TOTP)

import workos
from workos import client

workos.api_key = 'sk_example_123456'
workos.client_id = 'client_123456789'

response = workos.client.mfa.enroll_factor(
  type='totp',
  totp_issuer='Foo Corp',
  totp_user='alan.turing@foo-corp.com'
)

// Register an additional factor of authentication
// such as Time-based One Time Password (TOTP)

import "github.com/workos/workos-go/pkg/mfa"

mfa.SetAPIKey("sk_example_123456")

enroll, err := mfa.EnrollFactor(context.Background(), mfa.GetEnrollOpts{
  Type:       "totp",
  TotpIssuer: "Foo Corp",
  TotpUser:   "alan.turing@foo-corp.com",
})



// Register an additional factor of authentication
// such as Time-based One Time Password (TOTP)

$this->mfa = new WorkOS\MFA();

$type = "totp";
$totpIssuer = "Foo Corp";
$totpUser = "alan.turing@foo-corp.com";

$factor = $this->mfa->enrollFactor($type, $totpIssuer, $totpUser);





// Register an additional factor of authentication
// such as Time-based One Time Password (TOTP)

import com.workos.WorkOS;

WorkOS workos = new WorkOS("sk_example_123456");

EnrollFactorOptions options = MfaApi.EnrollFactorOptions.builder()
  .type("totp")
  .issuer("Foo Corp")
  .user("alan.turing@foo-corp.com")
  .build();

Factor factor = workos.mfa.enrollFactor(options);

// Register an additional factor of authentication
// such as Time-based One Time Password (TOTP)

WorkOS.SetApiKey("sk_example_123456");

var service = new MfaService();
var options = new EnrollTotpFactorOptions("Foo Corp", "alan.turing@foo-corp.com");
var response = await service.EnrollFactor(options);







curl --request POST \
  --url "https://api.workos.com/auth/factors/enroll" \
  --header "Authorization: Bearer sk_example_123456" \
  -d type="totp" \
  -d totp_issuer="Foo Corp" \
  -d totp_user="alan.turing@foo-corp.com"
  
  
  
  
  
  
  
  
  • Stay in control of the user journey

    Choose between enforcing MFA for all users or making it an opt-in configuration.
  • Customizable templates

    Tailor the SMS message delivered to your users to fit your app and brand.
  • Flexible authentication flows

    Allow users to configure both TOTP and SMS verification using the same API interface.

Support authenticator apps for an extra layer of security

Enforce additional security measures by asking users to prove possession of their device using apps like 1Password, Google Authenticator, and Duo.

Restrict access to sensitive resources with re-verification

Require users to verify their identity with a stronger authentication mechanism when accessing restricted resources or performing sensitive actions.

“When I asked the team, how was the experience with WorkOS? They were just like, this is incredible.”
Sam Lambert
CEO
Read more

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.