Hi everyone!
We have a requirement for a Custom MFA implementation, since the client needs a series of custom brandings, behaviors and flows for it. I would like to ask two questions here:
-
Our tech stack is as follows: we use React for developing the Custom MFA screens(MUI, i18next etc.), we transform them into web components and use them in the universal_login pages whenever the prompt is mfa. Now, I know there are a bunch of approaches to this problem, but I want to ask for the opinion of the community and maybe receive improvement ideas, and some comparisons between them. Could the Custom MFA Providers be better here so we can just host our Custom MFA React app and redirect the user to it using the redirect protocol?
-
One of the requirements is to also customize and enroll Webauthn Device Biometrics as a factor from the Custom MFA. I’ve read quite a number of posts and docs for this, and it all leads to “Custom MFA API allows for fetching/deleting these factors, but not enrolling them”. Is this right? If yes, is the idea of adding a custom implementation of biometrics using Web Authentication the right one? Is there any other limitation of this kind for any other factors?
Let me know if I should add additional info here.
Have a wonderful day everyone!