MFA Configuration

Required configuration to enable the MFA feature.

The Multi-Factor Authentication (MFA) feature relies on encryption and salting to protect user authentication data. Two environment values are required: a secret and a salt. Both work in tandem to maintain the integrity, confidentiality, and robustness of the MFA feature, so that users' authentication processes are secure and trustworthy.

  • CYBUS_MFA_ENABLED: when set to 'true', the MFA feature will be enabled in general. When set to 'false', the MFA feature is disabled.

  • CYBUS_MFA_ENCRYPTION_SECRET: the key for MFA encryption

  • CYBUS_MFA_ENCRYPTION_SALT: the salt, an extra layer of randomness for MFA encryption

  • CYBUS_MFA_MAX_INVALID_OTPS_PER_USER: (optional) maximum number of invalid OTPs a user can enter during the MFA login flow before the account gets temporarily deactivated

  • CYBUS_MFA_BAN_DURATION_MINUTES: (optional) duration in minutes of the temporary user account deactivation after a user repeatedly enters invalid OTPs during the MFA login flow

Example configuration:

CYBUS_MFA_ENABLED=true
CYBUS_MFA_ENCRYPTION_SECRET=18473274-5073-11ee-be56-0242ac120002
CYBUS_MFA_ENCRYPTION_SALT=229c75c2-5073-11ee-be56-0242ac120002
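The secret and salt in the example configuration are version-1 UUIDs, which are built from a timestamp and a MAC address rather than random data, so they serve only as placeholders. The following pre-deployment check is an added example, not code from Connectware: it flags the documentation sample values, version-1 UUIDs, identical secret and salt, and malformed optional values, and generates random replacements. The function names, the KEY=VALUE file parsing, the positive-integer rule for the optional values, and keeping the UUID format (the page does not state which formats are accepted) are assumptions.

```python
import re
import uuid

# Sample values printed on the documentation page; they must not reach a deployment.
DOC_SAMPLES = {"18473274-5073-11ee-be56-0242ac120002",
               "229c75c2-5073-11ee-be56-0242ac120002"}
SECRET, SALT = "CYBUS_MFA_ENCRYPTION_SECRET", "CYBUS_MFA_ENCRYPTION_SALT"
OPTIONAL_INTS = ("CYBUS_MFA_MAX_INVALID_OTPS_PER_USER", "CYBUS_MFA_BAN_DURATION_MINUTES")

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}

def is_time_based_uuid(value):
    """True for version-1 UUIDs, which encode a timestamp and a MAC address."""
    try:
        return uuid.UUID(value).version == 1
    except ValueError:
        return False

def lint_mfa(env):
    """Return findings for the MFA variables; an empty list means no finding."""
    findings = []
    enabled = env.get("CYBUS_MFA_ENABLED")
    if enabled not in (None, "true", "false"):
        findings.append("CYBUS_MFA_ENABLED should be 'true' or 'false'")
    if enabled != "true":
        return findings  # secret and salt only matter when MFA is on
    for key in (SECRET, SALT):
        value = env.get(key, "")
        if not value:
            findings.append(f"{key} is missing")
        elif value in DOC_SAMPLES:
            findings.append(f"{key} is the documentation sample value")
        elif is_time_based_uuid(value):
            findings.append(f"{key} is a version-1 UUID, not a random value")
    if env.get(SECRET) and env.get(SECRET) == env.get(SALT):
        findings.append("secret and salt are identical")
    for key in OPTIONAL_INTS:  # assumption: positive integers are expected
        if key in env and not re.fullmatch(r"[1-9][0-9]*", env[key]):
            findings.append(f"{key} should be a positive integer")
    return findings

def generate_values():
    """Fresh random (version-4) UUIDs, the format the page's example uses."""
    return {SECRET: str(uuid.uuid4()), SALT: str(uuid.uuid4())}
```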
