Is it possible to have multiple Guardian enrollments for a single user?
The API is capable of giving me all enrollments for a user. However, when I trigger an enrollment ticket via the Guardian API, I can only authenticate with my present enrollment. It does not trigger a new enrollment process.
Would it be possible to have other enrollments besides a Guardian enrollment? If not, then why does the API call return a list of enrollments for the user?
@jonas we can have multiple enrollments supported in Guardian with the new MFA api in the case where we are interacting with /oauth/token
endpoint. When using /authorize
flow, the enrollment will continue to support one enrollment.
For the list of enrollments, if you are referring to the /api/v2/users/{id}/enrollments
endpoint you will see one enrollment. The new MFA api has a /mfa/authenticators
endpoint that allows you to obtain a list of associated authenticators.
@kimcodes
thanks for responding. I noticed your blog post introducing the new MFA API. It may cover my use case but I have yet to really play with it.
In any case, I’m now able to really judge what is possible which makes it a lot easier.
@jonas great! Feel free to contact us, or DM me, if in the future you have any specific use cases you want to evaluate.
We have created a FAQ related to this topic. Please check it out: How to set up MFA TOTP enrollment with MFA API