diff --git a/src/main/java/net/siegeln/cameleer/saas/config/PublicConfigController.java b/src/main/java/net/siegeln/cameleer/saas/config/PublicConfigController.java
index 6973b2b..22417cc 100644
--- a/src/main/java/net/siegeln/cameleer/saas/config/PublicConfigController.java
+++ b/src/main/java/net/siegeln/cameleer/saas/config/PublicConfigController.java
@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.config;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import net.siegeln.cameleer.saas.vendor.VendorAuthPolicyRepository;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -25,6 +26,11 @@ public class PublicConfigController {
     private String spaClientId;
 
     private final ObjectMapper objectMapper = new ObjectMapper();
+    private final VendorAuthPolicyRepository vendorPolicyRepo;
+
+    public PublicConfigController(VendorAuthPolicyRepository vendorPolicyRepo) {
+        this.vendorPolicyRepo = vendorPolicyRepo;
+    }
 
     private static final List<String> SCOPES = List.of(
             "platform:admin",
@@ -61,11 +67,19 @@ public class PublicConfigController {
             endpoint = "http://localhost:3001";
         }
 
+        var policy = vendorPolicyRepo.getPolicy();
+        var vendorAuthPolicy = Map.of(
+                "mfaMode", policy.getMfaMode(),
+                "passkeyEnabled", policy.isPasskeyEnabled(),
+                "passkeyMode", policy.getPasskeyMode()
+        );
+
         return Map.of(
                 "logtoEndpoint", endpoint,
                 "logtoClientId", clientId != null ? clientId : "",
                 "logtoResource", apiResource,
-                "scopes", SCOPES
+                "scopes", SCOPES,
+                "vendorAuthPolicy", vendorAuthPolicy
         );
     }