# How to set-up 2FA Authentication

1. ## Use Case

* Admin able to configure the 2FA authentication flow.
* Users should be able to login by using the configured 2FA flow.<br>

2. **Prerequisites**

* User need to present in realm where 2FA is configured&#x20;
  * Push Notification
* If Push is the second factor, users need to install the ZTrust authenticator application in mobile device and that device needs to be configured as a primary device and rabbit-mq keys need to be configured at the authentication tab.
  * Phone OTP
* If phone OTP is the second factor, in user details phone numbers need to be configured and  message bird keys need to be configured in the authentication tab.
  * NFC&#x20;
* NFC as a second factor, users need to install the ZTrust authenticator application in mobile device and user RFID card need to be configured with that user details.
  * TOTP
* TOTP as a second factor, user need to install the ZTrust authenticator application in mobile device.
  * Biometric
* Biometric as a second factor, user need to register his/her biometric details previously.<br>

3. **Configuration**&#x20;

* &#x20;For 2FA authentication, authentication flow needs to be configured. For that take a copy of browser flow from the authentication tab.\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdWzHDAJ4-qHVzHUFmzgeS_sGcXssVUA_0KpfViechel-JnqJW6xNGjp6dpnBFqMcP9Qo5TQaUm5shiMlSPbF5P6d2Jgh8BhoyEJ1UjAgyxmMfOXLgpzxR6zKL71kVR8ExuitHZv5aOjPvq71khmY0eEo9B?key=kwnbHJAFA60F0NlOa3eMxQ)

&#x20;           ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdAq3RvgXRt6ym4DSNvmgB-IXO2nkPdXb8TLPUNbuOS22Spj6ta25OBXw285dpZjR-hwj58IaErYcvGoosHCuMmzhEmTPlphlLQQHxt30mWJ_BgRfDwin6NJhozuGaS7ValF5ybChWK4xyUtA9V_CNkYZZe?key=kwnbHJAFA60F0NlOa3eMxQ)

<br>

\ <br>

* After successful,  delete below fields from the newly created flow\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdZp4goq4X5gkLZdtfquv83tGH5msbUguUkiqriTVB_Olffa5T7EKrlLtgBHtaz1uwsiks_AwyDwfI4JkkCL7UHMT4rkqWBgsinnm120oIawSmmnS4qhprQWn7eHqQXoosjRUBZXG0dVVwNl1mR1xX-RLHR?key=kwnbHJAFA60F0NlOa3eMxQ)

\ <br>

* From 2FA Authentication forms create an sub flow like below\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdmzeZT7vMDaqq9g0Ktzx8ewCae9irTxeOH6VPw4_oMqMZg9x-UmHW-EHXM5p88-wc91zJ8ryxPYYxfw7lkgdYUNr07dCFevyynd1tZrOwdq21inRk2Mip-8uNxAdwh_g4vHN_HBK0hVFEEEQ25srfzcnkG?key=kwnbHJAFA60F0NlOa3eMxQ)
* After creating the sub flow click on + button and Add step to choose the 2FA feature\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXc_T2eX45u-omlty9aCp3WZRMt4RT2sz7UGLEdybzUm3nSpOFgJsMdrFniSz3P-55cnk6Q60OX0I15KT-C6RPTsZik3G30S_92y49vltdPWpY8F64l8ejRfbedLUH4P33AfwtFhpfzG1LFXrmaOGWH8uBMG?key=kwnbHJAFA60F0NlOa3eMxQ)
* After clicking on Add step below form will appear, select one here choosing push notification as an 2FA\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXck2i9ZqWPu_VelP8k1fb7fpRBdRtFqr5K-LVpvixOOv_m5hWkF4wFc3ejpoiYHCHE9FyvoHFWZbrL9l0apSsu5AFtBpYu6X6_rrNPUvnj2-npszxdXZbPAqg_v5mJYz79ljPfWK3GKfUB_dKUlhkV-hUPI?key=kwnbHJAFA60F0NlOa3eMxQ)
* Push notification added as a 2FA\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdyAYqD1oEmH1Xo7iavnCGrXS9PezkuMMR5px_Hq9UCx8IGTYfaChRTyWW861k5ctIa3uicL3plQiqtMQixuhNPnAAVNtwZJ8gE_hlXni2rnAyWz9wnDySrTqJgjv4Jpgfj5cdSKalo8BKNC729OtHbjv_M?key=kwnbHJAFA60F0NlOa3eMxQ)
* At last set this flow as a browser flow like below\
  ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXeL32aM82F8TSpp4CLDXZVtglH7Rl8gEKKwRWTO3Pur1LnXsycgPM95ZsNKRLMVqn2XGhwUtHzdQHl6Ixh7epVi19xFU7mBF1wPO_j1tJ6kqExfBvkL7md2BWJVjjFKo3TDn90XWWIuDwPwXYsxk8MJs_ne?key=kwnbHJAFA60F0NlOa3eMxQ)

<br>

Here push notification is added as a 2FA, and can add any one of these features like Biometric, TOTP, Phone OTP, NFC.

<br>

#### Here you can follow the Configurations for using different combination of authentication as 2FA

* Username Password as first factor and TOTP as second factor

<figure><img src="https://1778922777-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3EUK5AUZv0UVaI5S0CTM%2Fuploads%2F5fJOjCXI1qCCoZiku22A%2FScreenshot%202024-11-12%20at%202.36.49%E2%80%AFPM.png?alt=media&#x26;token=e9335f72-f794-4a81-b6fe-0f7b494a6ac8" alt="" width="563"><figcaption></figcaption></figure>

* Push notification based authentication as first factor and TOTP as second factor

<figure><img src="https://1778922777-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3EUK5AUZv0UVaI5S0CTM%2Fuploads%2F2S2mCIF0cn81ptgt7IR0%2FScreenshot%202024-11-12%20at%202.38.49%E2%80%AFPM.png?alt=media&#x26;token=65d126a5-bf3f-45f4-b2d5-d0dae39fd190" alt="" width="563"><figcaption></figcaption></figure>

* Username Password as first factor and Push notification based authentication as second factor

<figure><img src="https://1778922777-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3EUK5AUZv0UVaI5S0CTM%2Fuploads%2FnDhirEMYKzk0HURUGHbe%2FScreenshot%202024-11-12%20at%202.41.06%E2%80%AFPM.png?alt=media&#x26;token=76539dea-89f1-40ea-98a5-bb4723a60413" alt="" width="563"><figcaption></figcaption></figure>

* Username Password as first factor and NFC based authentication as second factor

<figure><img src="https://1778922777-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3EUK5AUZv0UVaI5S0CTM%2Fuploads%2FVD6RE1bWWNPsQ2M5yHXa%2FScreenshot%202024-11-12%20at%202.44.00%E2%80%AFPM.png?alt=media&#x26;token=64a04e33-1710-4a21-9aee-4ae85e00ef37" alt="" width="563"><figcaption></figcaption></figure>

* QR base authentication as first factor and TOTP as second factor

<figure><img src="https://1778922777-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3EUK5AUZv0UVaI5S0CTM%2Fuploads%2FHPv7gpIfaRwtN6Tlon30%2FScreenshot%202024-11-12%20at%202.47.57%E2%80%AFPM.png?alt=media&#x26;token=0be787ad-689d-4480-bdd5-70c3e61ead6b" alt="" width="563"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v3.0/admin-manual/how-to-set-up-multi-factor-authentication/how-to-set-up-2fa-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.