Multi-factor authentication TOTP-based

@jamil , is it possible to enable TOTP together with SSO?

That would be up to your specific SSO provider. We recommend enabling it there wherever possible.

TOTP is used for local authentication only.

Is it possible to enable TOTP for SSO also?

And for local auth how do I enforce TOTP ?

Hi @remy – it’s not possible to enable TOTP for SSO. We leave that up to the SSO provider.

We have this issue open to address local authentication improvements, but if you’re looking for a self-hosted authentication provider, we recommend spinning up Keycloak and using it as an OIDC provider for Firezone. It supports many more authentication features than we could ever hope to.