Multifactor authentication

Learn how to protect your account with multifactor authentication.

Adding a new method

Backup codes / Static tokens

We recommend getting backup codes as a recovery option in case you misplace the device where you keep your TOTP codes or that you use as a passkey. Each set of static tokens consists of 6 random 12-character tokens generated by Authentik.

  1. Go to your user dashboard > ⚙️ (User settings) > MFA Devices (direct link).

  2. After clicking Enroll, select Static tokens (direct link) to get started.

  3. A set of backup codes is shown on your screen. Store them in a secure place, since this is the last time you will see them.

  4. Once you have saved a copy of them, click Continue to confirm and return to the MFA Devices page.

If you missed or lost them, repeat the steps above and delete the previous set.

Time-based OTPs

TOTP codes are a secure way to protect your account against password leaks and unauthorized access, although you need to take extra care against site impersonation and phishing attacks. They can also be used as an additional method for situations where you can't use passkeys or security keys to sign in.

Security keys and passkeys

Passkeys and security keys give you the highest level of security against site impersonation and phishing attacks, and can also be used for passwordless sign-ins.

  1. Go to your user dashboard > ⚙️ (User settings) > MFA Devices (direct link).

  2. After clicking Enroll, select WebAuthn device (direct link) to get started.

  3. Follow your password manager or browser prompts to add a credential to your vault or device.

  4. Once successful, you will be redirected back to the same screen, where you can manage existing methods and add additional ones.

Managing your methods

To manage your 2FA methods, visit your user settings, then navigate to the MFA Devices tab (direct link).

To rename a method or device, click the 📝 (Edit) icon beside the corresponding

A note on social logins

At the moment, signing in with social logins bypasses your multifactor authentication setup, which may or may not be intentional for some users. We recommend enabling multifactor authentication on your linked social accounts as well, with recovery codes kept safe in a secure location.
