fix: update mfa prompt policy (#937)
wangsijie authored Dec 19, 2024
1 parent 5a93d5d commit aacf259
Showing 2 changed files with 6 additions and 3 deletions.
Binary file modified docs/end-user-flows/mfa/assets/configure-mfa.png
9 changes: 6 additions & 3 deletions docs/end-user-flows/mfa/configure-mfa.mdx
Expand Up @@ -15,9 +15,12 @@ Follow these steps to enable MFAs in users’ Logto sign-in flow:
- [Passkeys (WebAuthn)](/end-user-flows/mfa/webauthn): A high-security option suitable for web products supporting device biometrics or security keys, etc., ensuring robust protection.
2. Backup factors:
- [Backup codes](/end-user-flows/mfa/backup-codes): This serves as a backup option when users can't verify any of the primary factors mentioned above. Enabling this option reduces friction for users' access successfully.
3. Select the MFA policy settings for the users:
- **User-controlled MFA**: Users can skip the MFA setup process during sign-up flow. They may choose to set up MFA later through your self-service account settings page or Logto hosted account settings page (coming soon). [Learn more](/end-user-flows/account-settings/) about implementing a user account settings page.
- **Admin-enforced MFA**: You can enforce MFA for all users. Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
3. Choose if you want to enable **Require MFA**:
- **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
- **Disable**: Users can skip the MFA setup process during the sign-up flow. They may set up MFA later through your self-service account settings page. [Learn more](/end-user-flows/account-settings/) about implementing a user account settings page. And continue to choose the policy for the MFA setup prompt:
- **Do not ask users to set up MFA**: Users will not be prompted to set up MFA during sign-in.
- **Ask users to set up MFA during registration**: New users will be prompted to set up MFA during registration, and existing users will see the prompt at their next sign-in. Users can skip this step, and it won’t appear again.
- **Ask users to set up MFA on their sign-in after registration**: New users will be prompted to set up MFA at their second sign-in after registration, and existing users will see the prompt at their next sign-in. Users can skip this step, and it won’t appear again.

![MFA settings](./assets/configure-mfa.png)
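
Review bot: In the new step 3, the **Disable** bullet ends with the fragment "And continue to choose the policy for the MFA setup prompt:", and the three prompt options after it must render as children of **Disable**, otherwise they read as further values of **Require MFA**. Suggest "Then choose the policy for the MFA setup prompt:" and a check of the sub-list nesting in the rendered page. Two of the options say "Users can skip this step, and it won't appear again"; state there that a user who skips stays without MFA until they enrol through the account settings page, since that is the consequence an admin weighs when leaving **Require MFA** off. The **Do not ask users to set up MFA** description mentions only sign-in, while the other two options distinguish registration from sign-in, so say whether registration is unprompted as well. The **Enable** text carries over "locked out of their account until they set up MFA again" without saying how a locked-out user reaches the setup step. The removed wording also mentioned a "Logto hosted account settings page (coming soon)"; confirm dropping it is intended. The updated screenshot is binary, so its labels cannot be checked against this wording from the diff.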
