Since version 1.5.0 we support MFA based on external OIDC/SSO.
You can use Internal OIDC/SSO - called Internal MFA - to force Desktop & Mobile clients to authenticate with TOTP & Email codes and after that with session keys based on WireGuard Pre-Shared Keys (PSK). For more details about this, please refer to the architecture section.
