Olympus Documentation What is Olympus Architecture Repo Map License Glossary

Athena API Authentication Athena API Errors Athena API Pagination Athena Settings API SDK Settings API

Environment variables

MFA methods TOTP WebAuthn Backup codes Email/SMS code Step-up auth

ReferenceMFA methods

Backup codes

Pre-generated one-time codes the user prints/saves. Each can be used exactly once.

Lookup secrets / Recovery codes

Spec:

Provides AAL: AAL2

Summary

Pre-generated one-time codes the user prints/saves. Each can be used exactly once.

Strengths

Offline
Works without any device

Weaknesses

User must safely store them
Limited (typically 10-12 codes per generation)

Enrollment

Generated all at once. User saves them.

Recovery

These ARE the recovery story, paired with TOTP or WebAuthn as the user's break-glass.

Related

Identity, TOTP and WebAuthn
Identity, MFA policy
Identity, Sessions, AAL, refresh

WebAuthn

Cryptographic challenge-response with hardware (YubiKey, Touch ID) or passkeys.

Email/SMS code

Code sent to a verified channel (email or phone) and entered.

On this page

Lookup secrets / Recovery codes Summary Strengths Weaknesses Enrollment Recovery Related