I added MFA config via the 'User Dashboard'. After I logged out and tried to re-login I was asked for MFA.
So I have to use MFA right after i configured it? I thought I have to add require mfa to the transform user section first?
I want to use MFA not for all domains but only some of them. So how can I configure this?
Is MFA set per user or can I also set it per domain?
{
order authenticate before respond
order authorize before basicauth
security {
local identity store localdb {
realm local
path /opt/startup/caddy/auth/users.json
user itsme {
name me
email me@here
password "bcrypt:10:$2a$14$q/.GQ[REDACTED]"
roles authp/admin authp/user
}
}
authentication portal myportal {
crypto default token lifetime 3600
crypto key sign-verify {env.JWT_SHARED_KEY}
enable identity store localdb
cookie domain [REDACTED]
ui {
static_asset "assets/images/logo.svg" "image/svg+xml" auth/lock.svg
links {
"My Identity" "/whoami" icon "las la-user"
}
}
transform user {
match origin local
action add role authp/user
ui link "User Dashboard" /auth/profile/ icon "las la-cog"
}
}
authorization policy admins_policy {
set auth url https://[REDACTED]/
allow roles authp/admin authp/user
crypto key verify {env.JWT_SHARED_KEY}
acl rule {
comment allow users
match role authp/user
allow stop log info
}
acl rule {
comment default deny
match any
deny log warn
}
}
}
}
I added MFA config via the 'User Dashboard'. After I logged out and tried to re-login I was asked for MFA.
So I have to use MFA right after i configured it? I thought I have to add
require mfato the transform user section first?I want to use MFA not for all domains but only some of them. So how can I configure this?
Is MFA set per user or can I also set it per domain?