Multi-factor authentication
Passkeys, TOTP, and recovery codes. Enforce MFA policies per user, group, or tenant.
Multiple factor types
Support for passkeys (WebAuthn/FIDO2), TOTP authenticator apps, and single-use recovery codes. Users can register multiple factors for redundancy.
Granular policies
Enforce MFA at the tenant, group, or individual user level. Require specific factor types for sensitive operations or administrative roles.
Self-service enrollment
Users can register and manage their own MFA factors through an intuitive web interface, reducing helpdesk burden and improving security posture.
0
factor types supported
Per-user/group/tenant
policies
0
uptime SLA
noo id provides flexible multi-factor authentication with support for passkeys, TOTP, and recovery codes. Administrators can enforce MFA policies at the tenant, group, or individual user level with configurable grace periods and factor-type requirements. Self-service enrollment lets users set up and manage their own factors without IT intervention.
Supported factor types
Passkeys / WebAuthn
Phishing-resistant authentication using public-key cryptography. Users verify with biometrics or a hardware security key, and credentials are bound to the origin so they cannot be intercepted.
TOTP authenticator apps
Time-based one-time passwords generated by apps like Google Authenticator or Authy. Works offline on any smartphone and follows an open standard compatible with all major authenticator apps.
Recovery codes
A set of single-use backup codes generated during enrollment. Each code can only be used once and provides a fallback when primary MFA devices are lost or unavailable.
Self-service enrollment flow
Users can register and manage their own MFA factors without IT assistance, reducing helpdesk burden while improving security adoption across the organization.
Navigate to settings
The user opens account security settings, or is automatically redirected during first login if an MFA policy is enforced.
Select factor type
Choose from passkey, TOTP authenticator app, or recovery codes depending on preference and policy requirements.
Complete setup
Follow the guided setup flow — create a passkey with biometrics, scan a QR code for TOTP, or generate and save recovery codes.
Register additional factors
Add extra factors for redundancy, such as a second passkey on another device plus TOTP as a backup method.
Policy configuration
Define MFA requirements declaratively with flexible policy options including grace periods and role-specific factor requirements.
{
"requirement": "required",
"allowed_methods": ["passkey", "totp"],
"grace_period_days": 30,
"require_passkey_for_admins": true
}
Granular policy levels
Tenant-level
Set a baseline MFA policy that applies to every user in your tenant. Ideal for organizations with uniform security requirements across the board.
Group-level
Override the tenant default for specific groups such as Admins or Finance. Group policies let you enforce stricter factor types or re-authentication intervals where needed.
User-level
Apply individual exceptions or elevated requirements for specific users. User-level policies take the highest precedence, overriding both tenant and group settings.
Frequently asked questions
Can we require MFA for all users? +
Yes. You can enforce MFA at the tenant level (all users must enroll at least one factor), group level (e.g., "Admins" group requires MFA), or individual user level. Policies can be phased in gradually with grace periods.
What happens if a user loses access to all their MFA factors? +
Users receive recovery codes during MFA enrollment, which they should store securely. If all factors and recovery codes are lost, administrators can manually reset MFA enrollment from the admin dashboard, optionally requiring identity verification first.
Do passkeys count as MFA? +
Yes. Passkeys inherently combine possession (the device) and inherence (biometric or PIN), meeting multi-factor authentication requirements in a single step. This is recognized by most compliance frameworks.