Documentation for Implementing MFA

Is there any documentation on an official method for implementing multi-factor authentication on a client portal?

It’s not obvious to me how one would utilize the SMS/Email blocks for a more secure login.

After talking with support, it sounds like multi-factor is not currently an option. I’m hoping to see this as a feature offered soon, it would be helpful to have that additional level of security for our users.

3 Likes

Oh that’s a shame. I can’t use Softr then for my app as most companies I work with will not buy a product without MFA as a basic procurement rule.

This sure will become an issue while European countries have to implement cybersecurity laws according to NIS2.
Does anyone know this is on the roadmap? I could not find it

Hi all,

I just checked in with the team, and while it IS on our roadmap and something we intend to build, there is still some work ahead of it in order to get our authentication components to the point where we can build this functionality. So I can’t give you a date yet, but it is something we intend on building.

I have a real problem with this response and here’s why:

  • We were told last year that it was going to be addressed and more largely, that the overall authentication process was going to be redesigned.
  • Recently, we were prompted to upgrade our Professional Softr account to the new Business plan. The subscription fee was significantly more but we’re trying to support Softr so we agreed.
  • After upgrading, SSO (SAML), which we’ve been actively using, is now greyed out (along with our settings and integration) and now specifies SSO is only available on an Enterprise account, which you can’t even sign up for without contacting sales.

SSO has and is currently our only option for 2FA and large scale, secure authentication.

It’s concerning that in a world where the current cyber security climate is unprecedented, Softr is taking the approach of prioritizing new features and UX over foundational security and authentication measures, I just can’t put our clients data at risk.

3 Likes

You are so right Matt. Hopefully Softr will realize this as well. As for European companies because of the implementation of the NIS2 directive it will become mandatory to have MFA. And this all will become active from October this year. So all we can do is make a lot of feature requests for MFA.

1 Like

Hi, any update on the date of this feature? I am working through technical spec with my first customer and this is a definite no go from them if not. I hope I don’t have the ditch softr and start again!

1 Like

@UsingData Early Feb we will release new user management functionality it will support MFA then you could use (password + email code)… alternatively using google with their MFA or SSO with their MFA