--- descriptions: enroll_auth_factor: user_id: The unique ID of the user to enroll the auth factor. type: The type of the factor to enroll. The only available option is TOTP. totp_issuer: >- Your application or company name displayed in the user’s authenticator app. Defaults to your WorkOS team name. totp_user: >- The user’s account name displayed in their authenticator app. Defaults to the user’s email. totp_secret: >- The Base32-encoded shared secret for TOTP factors. This can be provided when creating the auth factor, otherwise it will be generated. The algorithm used to derive TOTP codes is sha1, the code length is 6 digits, and the timestep is 30 seconds – the secret must be compatible with these parameters. factor: >- The [authentication factor](/reference/authkit/mfa/authentication-factor) object that represents the additional authentication method used on top of the existing authentication strategy. challenge: >- The [authentication challenge](/reference/authkit/mfa/authentication-challenge) object that is used to complete the authentication process. reference: curl: - key: enroll_auth_factor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: '/user_management/users/:id/auth_factors' type: POST parameters: - key: id type: string description: (enroll_auth_factor.user_id) - key: type type: '"totp"' description: (enroll_auth_factor.type) - key: totp_issuer type: string optional: true description: (enroll_auth_factor.totp_issuer) - key: totp_user optional: true type: string description: (enroll_auth_factor.totp_user) - key: totp_secret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: anonymous type: object unwrap: true properties: - key: challenge type: authentication_challenge description: (enroll_auth_factor.challenge) - key: factor type: authentication_factor description: (enroll_auth_factor.factor) js: - key: enrollAuthFactor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: userManagement.enrollAuthFactor() parameters: - key: options type: object unwrap: true properties: - key: userId type: string description: (enroll_auth_factor.user_id) - key: type type: '"totp"' description: (enroll_auth_factor.type) - key: totpIssuer optional: true type: string description: (enroll_auth_factor.totp_issuer) - key: totpUser optional: true type: string description: (enroll_auth_factor.totp_user) - key: totpSecret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: anonymous type: object unwrap: true properties: - key: authenticationChallenge type: Challenge description: (enroll_auth_factor.challenge) - key: authenticationFactor type: Factor description: (enroll_auth_factor.factor) python: - key: enroll_auth_factor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: user_management.enroll_auth_factor() parameters: - key: user_id type: str description: (enroll_auth_factor.user_id) - key: type type: '"totp"' description: (enroll_auth_factor.type) - key: totp_issuer type: str optional: true description: (enroll_auth_factor.totp_issuer) - key: totp_user optional: true type: str description: (enroll_auth_factor.totp_user) - key: totp_secret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: anonymous type: AuthenticationFactorTotpAndChallengeResponse unwrap: true properties: - key: authentication_challenge type: AuthenticationChallenge description: (enroll_auth_factor.challenge) - key: authentication_factor type: AuthenticationFactorTotpExtended description: (enroll_auth_factor.factor) go: - key: EnrollAuthFactor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: usermanagement.EnrollAuthFactor() parameters: - (ctx) - key: opts type: usermanagement.EnrollAuthFactorOpts unwrap: true properties: - key: User type: string description: (enroll_auth_factor.user_id) - key: Type type: '"totp"' description: (enroll_auth_factor.type) - key: TOTPIssuer type: string optional: true description: (enroll_auth_factor.totp_issuer) - key: TOTPUser optional: true type: string description: (enroll_auth_factor.totp_user) - key: TOTPSecret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: response type: EnrollAuthFactorResponse unwrap: true properties: - key: Challenge type: Challenge description: (enroll_auth_factor.challenge) - key: Factor type: Factor description: (enroll_auth_factor.factor) - (err) php: - key: enrollAuthFactor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: $userManagement->enrollAuthFactor() parameters: - key: id type: string description: (enroll_auth_factor.user_id) - key: type type: string description: (enroll_auth_factor.type) - key: totpIssuer type: string optional: true description: (enroll_auth_factor.totp_issuer) - key: totpUser optional: true type: string description: (enroll_auth_factor.totp_user) - key: totpSecret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: anonymous type: object unwrap: true properties: - key: authenticationChallenge type: Challenge description: (enroll_auth_factor.challenge) - key: authenticationFactor type: Factor description: (enroll_auth_factor.factor) ruby: - key: enroll_auth_factor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: UserManagement.enroll_auth_factor() parameters: - key: user_id type: String description: (enroll_auth_factor.user_id) - key: type type: '"totp"' description: (enroll_auth_factor.type) - key: totp_issuer optional: true type: String description: (enroll_auth_factor.totp_issuer) - key: totp_user optional: true type: String description: (enroll_auth_factor.totp_user) - key: totp_secret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: anonymous type: object unwrap: true properties: - key: authentication_challenge type: Challenge description: (enroll_auth_factor.challenge) - key: authentication_factor type: Factor description: (enroll_auth_factor.factor) java: - key: enrollAuthFactor id: enroll_auth_factor url: /reference/authkit/mfa/enroll-auth-factor title: userManagement.enrollAuthFactor() parameters: - key: id type: String description: (enroll_auth_factor.user_id) - key: options type: EnrolledAuthenticationFactorOptions optional: true unwrap: true properties: - key: type type: '"totp"' description: (enroll_auth_factor.type) - key: totpIssuer optional: true type: String description: (enroll_auth_factor.totp_issuer) - key: totpUser optional: true type: String description: (enroll_auth_factor.totp_user) - key: totpSecret optional: true type: string description: (enroll_auth_factor.totp_secret) returns: - key: anonymous type: EnrolledAuthenticationFactor unwrap: true properties: - key: challenge type: AuthenticationChallenge description: (enroll_auth_factor.challenge) - key: factor type: AuthenticationFactor description: (enroll_auth_factor.factor) originalPath: >- .tmp-workos-clone/packages/docs/content/reference/authkit/mfa/enroll-auth-factor.mdx --- ## Enroll an authentication factor Enrolls a user in a new authentication factor.