General Setup
- Go to the Security page.
- In the Account MFA section, enable your desired methods (TOTP and/or Passkeys).
- (Optional) Toggle “Require at onboarding” to force MFA setup during signup.
- (Optional) Toggle “Session-based MFA” to require MFA for every new session.
- Click Save Changes.
Using our UI
Account-Based MFA
With account-based MFA, users must complete an MFA challenge on every login. The Dynamic Widget automatically handles the entire account-based MFA flow, including device registration, authentication, and recovery codes. No extra code is needed.Headless TOTP Guide
Build a custom TOTP experience with authenticator apps.
Headless Passkeys Guide
Implement a custom Passkey MFA flow for your application.
Action-Based MFA
Require users to complete MFA only for sensitive actions, like signing transactions or exporting private keys. This is more user-friendly while still protecting critical operations. The Dynamic Widget automatically prompts for MFA when a user attempts a protected action. No extra code is needed.Headless TOTP Guide
Build a custom TOTP experience with authenticator apps.
Headless Passkeys Guide
Implement a custom Passkey MFA flow for your application.
Using your UI
For full UI control, use our headless hooks to build a custom MFA experience. This approach is more complex but allows complete UI and flow customization. See our step-by-step guides for detailed instructions:Headless TOTP Guide
Build a custom TOTP experience with authenticator apps.
Headless Passkeys Guide
Implement a custom Passkey MFA flow for your application.
Device Management & Recovery
Users might need to delete an MFA device if it’s lost or replaced, or an admin may need to reset a user’s MFA.Device Management
Manage user MFA devices and recovery.