Unregistered Multi-factor Authentication (umfa) is about being possible to require Unregistered SMTP OTP or Unregistered SMS OTP as the second factor authentication method for unregistered users returned from a SAML or an OpenID Connect method.
Configuration
Create the first factor method
SAML
OpenID Connect
Create the second factor method
Unregistered SMTP OTP
Unregistered SMS OTP
While not required, it’s useful to verify at this point that both work individually without the umfa configuration.
To enable the second factor method to be used in multi-factor authentication, set following configuration string for the second factor method:
mfa true
PUT /method/unregistered.smtp
configuration:mfa true
To chain the second factor method after the first factor method, set the second factor method as the
nextFactor
method for the first factor method.PUT /method/oidc.1/$link/nextFactor/method/unregistered.smtp