Multi-factor Authentication (MFA)

The Descope service lets you add layered security to your application by implementing multi-factor authentication (MFA). There are two ways to implement MFA within your application.

If you are utilizing Descope flows within your application, you can add the out-of-the-box Risk Calculator action within your flow (see the screenshot below). This action will determine if the risk is high and trigger MFA. Details on Descope's risk calculation are located here.

Descope risk calculation within flows

If you are utilizing the SDKs within your application, you can add login options to the various authentication methods. Details on implementing MFA with the client SDKs and backend SDKs can be found below.

MFA JWT

Once a user has successfully authenticated with MFA, the returned JWT includes the mfa value in its amr claim, indicating that the JWT was issued after multi-factor authentication.

{
  "amr": [
    "oauth",
    "sms",
    "mfa"
  ],
  "drn": "DS",
  "exp": xxx,
  "iat": xxx,
  "iss": "xxxxxx",
  "rexp": "2024-08-08T14:24:58Z",
  "sub": "xxxxxx"
}
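
A backend can use this claim to gate sensitive operations. The following is an added example, not Descope's own code: it assumes the claims were already signature- and expiry-validated (for example by the backend SDK), and the function names and sample payloads are hypothetical.

```python
# Added example: gate a sensitive operation on the "mfa" entry in the amr claim.
# Assumption: `claims` is the payload of a session JWT whose signature and
# expiry were already validated; never run this on an unverified token.
# All names below are hypothetical and not part of any SDK.
from typing import Any, Mapping


class StepUpRequired(Exception):
    """Raised when the session was not authenticated with MFA."""


def authenticated_with_mfa(claims: Mapping[str, Any]) -> bool:
    amr = claims.get("amr")
    # amr must be a JSON array. Rejecting a bare string avoids the substring
    # trap where `"mfa" in "nomfa"` evaluates to True.
    if not isinstance(amr, list):
        return False
    # Exact, case-sensitive match on whole string entries only.
    return any(isinstance(m, str) and m == "mfa" for m in amr)


def require_mfa(claims: Mapping[str, Any]) -> str:
    """Return the subject if the session carries mfa, else demand step-up."""
    if not authenticated_with_mfa(claims):
        raise StepUpRequired("MFA required for this operation")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("validated claims carry no subject")
    return sub


# Constructed sample payloads (not real tokens).
MFA_SESSION = {"amr": ["oauth", "sms", "mfa"], "sub": "user-1"}
SINGLE_FACTOR = {"amr": ["oauth"], "sub": "user-1"}
MALFORMED = {"amr": "nomfa", "sub": "user-1"}

if __name__ == "__main__":
    samples = [("mfa", MFA_SESSION), ("single", SINGLE_FACTOR),
               ("malformed", MALFORMED)]
    for name, payload in samples:
        try:
            print(name, "-> allowed for", require_mfa(payload))
        except StepUpRequired as exc:
            print(name, "-> denied:", exc)
```

On a StepUpRequired error the application would send the user back through an MFA login rather than failing the request outright.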