Hello everyone! I want to use a phone number as a second authentication factor. Currently, I'm facing an issue: after logging in with these parameters (all=all2, via=phone), everything seems to work. In my session data, I can see that the user is currently logged in using the second factor. However, I can't find a solution to require the second factor for this user after logout. Is it possible to use a phone number as a 2AF? If you have experience working with it, could you please share it with me?

Hello @enough-sugar-12780 Can you help me understand what the issue is? From your description it sounds like first factor password, second factor code via SMS works for you? > However, I can't find a solution to require the second factor for this user after logout. Do you mean to require the second factor for this user after they logged out and now want to log in again? So you want them to use SMS MFA every time they log in?

Hey Vincent! I would like to have the same flow that Ory suggests when using TOTP. Once I've added the second factor via phone number, I want it to be used every time a user logs in.

@enough-sugar-12780 If you want all users that configured a second factor to complete the factor before using your app, set

session.whoami.required_aal

to

highest_available

in the configuration file:

# ...  
session:  
 whoami:  
 required_aal: highest_available  
# ...

Or disable the Allow Login without Second Factor slider at https://console.ory.sh/projects/current/mfa