Two-Factor Authentication
Users can enable two-factor authentication for their accounts in the /account/2fa view. Once enabled, the user will be presented with a QR code that they can scan using their authenticator app of choice, such as Google Authenticator.
2FA works with all the Gravity login flows:
username and password
magic links
social sign-ons
Once a user has completed the first-factor authentication using one of these methods, they will be prompted to enter the OTP (verification code) from their authenticator app. This screen has a time-sensitive token (5 mins) created during the first step; because the OTP step requires this token, a user cannot bypass the first step in the auth flow.
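The gating described above, as an added example that is not Gravity's own code: a token issued only after the first factor succeeds and checked by the OTP step before the verification code is looked at. The HMAC construction and the names `issueFirstFactorToken`, `verifyFirstFactorToken` and `SECRET` are assumptions; the page does not say how Gravity builds its token.

```javascript
// Added example: a 5-minute first-factor token gating the OTP step.
// All names here are hypothetical, not part of Gravity.
const crypto = require('crypto');

const TTL_MS = 5 * 60 * 1000;          // the 5-minute window from the text
const SECRET = crypto.randomBytes(32); // constructed key; load a real one from config

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// Call only after password, magic link or social sign-on has succeeded.
function issueFirstFactorToken(userId, now = Date.now()) {
  const claims = JSON.stringify({ sub: userId, exp: now + TTL_MS });
  const payload = Buffer.from(claims).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Call in the OTP endpoint before checking the verification code.
// Returns the user id the token was issued for, or null if it is rejected.
function verifyFirstFactorToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || now >= claims.exp) return null; // expired
  return claims.sub;
}
```

The OTP must then be checked against the account named in the token, not against a user id supplied with the OTP request.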
Setting Your App Name In The Authenticator Apps
To show your application name in the user's authenticator app, simply set the APP_NAME env var to the name of your application.