About multi-factor authentication
This is an advanced org feature that is only available on the Kinde Scale plan. You can set multi-factor auth for 5 organizations and then charges apply for each organization that uses advanced org features.
As part of being able to set unique authentication methods for an organization, you can also set how multi-factor authentication (MFA) works per organization.
You might want to use MFA for some of your orgs, such as for business customers that require their users to have MFA as part of sign in. This is common in finance and government sectors.
As part of this feature, you can:
In Kinde, go to Settings > Environment > Multi-factor auth.
If Require multi-factor authentication is set as ‘Yes’ or ‘Optional’ at the environment level, this configuration is used for all your organizations and the MFA methods are shared across all.
Set the requirement to ‘No’ if you only want to enforce MFA for some organizations and require users to set up unique MFA methods per organization.
You need to have roles set up in Kinde.
If a user has a mix of exempt and non-exempt roles, MFA applies by default.
You need to have enterprise connections set up in Kinde.
If a user signs in via Okta (exempt) and has an Admin role (not exempt), they will not be prompted for MFA.
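The two exemption rules above interact: a connection exemption takes precedence over a non-exempt role, so a privileged account can end up signing in without MFA. The sketch below is an added example, not Kinde code or a Kinde API; it models only the precedence stated on this page and lists the users a reviewer would want to check. The class, function names, the "Viewer" role, the "password" connection label and the sample users are all constructed, and the treatment of a user whose roles are all exempt is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OrgMfaPolicy:
    """Hypothetical container for one organization's MFA exemptions."""
    exempt_roles: frozenset
    exempt_connections: frozenset


def mfa_decision(policy, roles, connection):
    """Return (prompted, reason) for one sign-in when org-level MFA is on."""
    # Page rule: an exempt connection wins even if a role is not exempt.
    if connection in policy.exempt_connections:
        return False, "exempt connection"
    role_set = set(roles)
    # Assumption (not stated on the page): only exempt roles means exempt.
    if role_set and role_set <= policy.exempt_roles:
        return False, "all roles exempt"
    # Page rule: a mix of exempt and non-exempt roles still gets MFA.
    return True, "mfa applies"


def privileged_without_mfa(policy, users):
    """Names of users who hold a non-exempt role yet skip MFA via their connection."""
    flagged = []
    for name, roles, connection in users:
        prompted, reason = mfa_decision(policy, roles, connection)
        holds_non_exempt_role = bool(set(roles) - policy.exempt_roles)
        if not prompted and reason == "exempt connection" and holds_non_exempt_role:
            flagged.append(name)
    return flagged


# Constructed sample data for illustration only.
POLICY = OrgMfaPolicy(frozenset({"Viewer"}), frozenset({"Okta"}))
USERS = [
    ("alice", ["Admin"], "Okta"),               # exempt connection, non-exempt role
    ("bob", ["Viewer", "Admin"], "password"),   # mixed roles
    ("carol", ["Viewer"], "password"),          # only exempt roles
    ("dave", ["Admin"], "password"),            # non-exempt role
]

if __name__ == "__main__":
    print(privileged_without_mfa(POLICY, USERS))
```

For accounts flagged this way, MFA enforcement rests entirely on the identity provider behind the exempt connection.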
If users are authenticating via MFA in the organization, switching it off may cause breaking changes.
Switching off reverts MFA requirements to whatever is set in your environment.