diff --git a/app/controllers/concerns/mfa_force_concern.rb b/app/controllers/concerns/mfa_force_concern.rb
index ca969bc086c..4c2c00aec30 100644
--- a/app/controllers/concerns/mfa_force_concern.rb
+++ b/app/controllers/concerns/mfa_force_concern.rb
@@ -19,7 +19,7 @@ module MfaForceConcern
   end
 
   def mfa_force_enabled?
-    ENV['REQUIRE_MULTI_FACTOR_AUTH'] == 'true'
+    mfa_config[:force_enabled]
   end
 
   def mfa_setup_allowed_paths?
@@ -36,4 +36,8 @@ module MfaForceConcern
 
     allowed_paths.any? { |path| request.path.start_with?(path) }
   end
+
+  def mfa_config
+    @mfa_config ||= Rails.application.config_for(:mfa)
+  end
 end
diff --git a/config/mfa.yml b/config/mfa.yml
new file mode 100644
index 00000000000..9e365ec9cea
--- /dev/null
+++ b/config/mfa.yml
@@ -0,0 +1,15 @@
+# Multi-Factor Authentication configuration
+default: &default
+  force_enabled: false
+
+development:
+  <<: *default
+  force_enabled: <%= ENV.fetch('REQUIRE_MULTI_FACTOR_AUTH', 'false') == 'true' %>
+
+test:
+  <<: *default
+  force_enabled: false
+
+production:
+  <<: *default
+  force_enabled: <%= ENV.fetch('REQUIRE_MULTI_FACTOR_AUTH', 'false') == 'true' %>