# How to set-up 2FA Authentication

1. ## Use Case

* Admin able to configure the 2FA authentication flow.
* Users should be able to login by using the configured 2FA flow.<br>

2. **Prerequisites**

* User need to present in realm where 2FA is configured&#x20;
  * Push Notification
* If Push is the second factor, users need to install the ZTrust authenticator application in mobile device and that device needs to be configured as a primary device and rabbit-mq keys need to be configured at the authentication tab.
  * Phone OTP
* If phone OTP is the second factor, in user details phone numbers need to be configured and  message bird keys need to be configured in the authentication tab.
  * NFC&#x20;
* NFC as a second factor, users need to install the ZTrust authenticator application in mobile device and user RFID card need to be configured with that user details.
  * TOTP
* TOTP as a second factor, user need to install the ZTrust authenticator application in mobile device.
  * Biometric
* Biometric as a second factor, user need to register his/her biometric details previously.<br>

3. **Configuration**&#x20;

* &#x20;For 2FA authentication, authentication flow needs to be configured. For that take a copy of browser flow from the authentication tab.\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdWzHDAJ4-qHVzHUFmzgeS_sGcXssVUA_0KpfViechel-JnqJW6xNGjp6dpnBFqMcP9Qo5TQaUm5shiMlSPbF5P6d2Jgh8BhoyEJ1UjAgyxmMfOXLgpzxR6zKL71kVR8ExuitHZv5aOjPvq71khmY0eEo9B?key=kwnbHJAFA60F0NlOa3eMxQ)

&#x20;           ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdAq3RvgXRt6ym4DSNvmgB-IXO2nkPdXb8TLPUNbuOS22Spj6ta25OBXw285dpZjR-hwj58IaErYcvGoosHCuMmzhEmTPlphlLQQHxt30mWJ_BgRfDwin6NJhozuGaS7ValF5ybChWK4xyUtA9V_CNkYZZe?key=kwnbHJAFA60F0NlOa3eMxQ)

<br>

\ <br>

* After successful,  delete below fields from the newly created flow\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdZp4goq4X5gkLZdtfquv83tGH5msbUguUkiqriTVB_Olffa5T7EKrlLtgBHtaz1uwsiks_AwyDwfI4JkkCL7UHMT4rkqWBgsinnm120oIawSmmnS4qhprQWn7eHqQXoosjRUBZXG0dVVwNl1mR1xX-RLHR?key=kwnbHJAFA60F0NlOa3eMxQ)

\ <br>

* From 2FA Authentication forms create an sub flow like below\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdmzeZT7vMDaqq9g0Ktzx8ewCae9irTxeOH6VPw4_oMqMZg9x-UmHW-EHXM5p88-wc91zJ8ryxPYYxfw7lkgdYUNr07dCFevyynd1tZrOwdq21inRk2Mip-8uNxAdwh_g4vHN_HBK0hVFEEEQ25srfzcnkG?key=kwnbHJAFA60F0NlOa3eMxQ)
* After creating the sub flow click on + button and Add step to choose the 2FA feature\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXc_T2eX45u-omlty9aCp3WZRMt4RT2sz7UGLEdybzUm3nSpOFgJsMdrFniSz3P-55cnk6Q60OX0I15KT-C6RPTsZik3G30S_92y49vltdPWpY8F64l8ejRfbedLUH4P33AfwtFhpfzG1LFXrmaOGWH8uBMG?key=kwnbHJAFA60F0NlOa3eMxQ)
* After clicking on Add step below form will appear, select one here choosing push notification as an 2FA\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXck2i9ZqWPu_VelP8k1fb7fpRBdRtFqr5K-LVpvixOOv_m5hWkF4wFc3ejpoiYHCHE9FyvoHFWZbrL9l0apSsu5AFtBpYu6X6_rrNPUvnj2-npszxdXZbPAqg_v5mJYz79ljPfWK3GKfUB_dKUlhkV-hUPI?key=kwnbHJAFA60F0NlOa3eMxQ)
* Push notification added as a 2FA\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdyAYqD1oEmH1Xo7iavnCGrXS9PezkuMMR5px_Hq9UCx8IGTYfaChRTyWW861k5ctIa3uicL3plQiqtMQixuhNPnAAVNtwZJ8gE_hlXni2rnAyWz9wnDySrTqJgjv4Jpgfj5cdSKalo8BKNC729OtHbjv_M?key=kwnbHJAFA60F0NlOa3eMxQ)
* At last set this flow as a browser flow like below\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXeL32aM82F8TSpp4CLDXZVtglH7Rl8gEKKwRWTO3Pur1LnXsycgPM95ZsNKRLMVqn2XGhwUtHzdQHl6Ixh7epVi19xFU7mBF1wPO_j1tJ6kqExfBvkL7md2BWJVjjFKo3TDn90XWWIuDwPwXYsxk8MJs_ne?key=kwnbHJAFA60F0NlOa3eMxQ)

<br>

Here push notification is added as a 2FA, and can add any one of these features like Biometric, TOTP, Phone OTP, NFC.

<br>