Opt-in-mfa (Section)#

Path: /profiles/profile{id, type}/settings/authentication-service/authentication-actions/authentication-action{id}/opt-in-mfa

Parameters#

Name	Type	Required	Default	Description
disable-recovery-codes	`boolean`	optional	`false`	Disable use of recovery codes
allow-authentication-with-recovery-code	`boolean`	optional	`false`	Allow using recovery codes to complete authentication
allow-authentication-with-sso-for-second-factor	`boolean`	optional	`false`	Allow using an SSO to complete second factor authentication
opt-out-ttl-in-days	`uint32`	optional	`0`	TTL of the second factor opt-out, in days. If zero (the default), then second factor opt-out is not allowed

Name	Type	Description
account-manager	Section	None
mfa-state-bucket	Section	Bucket to store MfA state in. Required for LDAP account managers.
allowed-second-factor	List	List with the allowed second factors