Restricted endpointThe API path can only be called from the root or administrative namespace.
/sys/mfa endpoint focuses on managing Multi-factor Authentication (MFA)
behaviors in Vault Enterprise MFA.
Vault Enterprise allows MFA for login and access to sensitive resources in Vault. The Step-up Enterprise MFA expects the method creator to specify a name for the method; Login MFA does not, and instead returns an ID when a method is created. Although MFA methods supported with Step-up Enterprise MFA are supported with the Login MFA, they use different API endpoints.
- Step-up Enterprise MFA:
- Login MFA:
Note: While the
sys/mfa endpoint is supported for both Vault Community and Enterprise editions,
sys/mfa/method/:type/:/name is only supported for Vault Enterprise.
Refer to the Login MFA FAQ document for more details.