Logto product update: MFA, signing key rotation, and custom domain for all plans

November 14, 20233 min read
Logto product update: MFA, signing key rotation, and custom domain for all plans

We are excited to let you know that multi-factor authentication (MFA) is now available in Logto Cloud and OSS!

This feature is one of the most requested features from our community. Alongside this, we've implemented several security and user experience improvements. Let's dive in!

Multi-factor authentication (MFA)

Did you know using multi-factor authentication (MFA) blocks a whopping 99.9% of account hacks? Now you can activate MFA with just one click and take control of the user security. We've made it easy to customize the sign-in experience with these methods:

  • Authenticator app OTP: users can add any authenticator app that supports the TOTP standard, such as Google Authenticator, Duo, etc.
  • WebAuthn (Passkey): users can use the standard WebAuthn protocol to register a hardware security key, such as biometric keys, Yubikey, etc.
  • Backup codes: users can generate a set of backup codes to use when they don't have access to other MFA methods.
MFA integration with one-click

For a smooth transition, we also support to configure the MFA policy to require MFA for sign-in experience, or to allow users to opt-in to MFA.

Check out our One-click MFA integration blog post to learn more.

Now, on the Settings page, you can easily rotate the private key and cookie key with a few clicks. This feature is especially handy when you want to enhance security by periodically rotating keys.

This is a cloud-only feature.

By default, Logto employs the EC signing algorithm for JWT tokens, ensuring security with a shorter signature. However, for developers preferring the RS signing algorithm, the option is available when rotating the private key.

To learn more about JWT and signing algorithms, we recommend reading these blog posts:

Custom domain for all plans

We're making custom domain available for free across all plans! This feature will be rolling out in the upcoming days. Feel free to reach out if you have any questions.

New API references website

We've revamped our API references website by adopting bump.sh. It not only looks better from our perspective but we hope you'll find it appealing too! Check it out here.

Work in progress

Organizations and enterprise single sign-on (SSO) functionalities are on the horizon. With Logto, creating multi-tenancy applications and becoming enterprise-ready will not be a business blocker anymore.