Action-Based MFA requires users to complete an MFA challenge on every sensitive action that was selected to be protected. You can configure action-based MFA in the Dynamic dashboard, by toggling on which actions you want to protect in the “Action-based MFA” option. You can also choose to make it mandatory or not, by toggling the “Require at onboarding” option.

Required vs Optional

  • Required If you make MFA required on onboarding, the user must complete an MFA challenge before being able to perform each of the protected actions. You, as a developer, will be responsible for checking if the user is missing MFA authentication for that action, and prompting them to complete an MFA challenge if required.
  • Optional If you don’t have MFA required on onboarding, the user will only be required to complete an MFA challenge before being able to perform each of the protected actions if they have an MFA method registered. You, as a developer, will be responsible for checking if the user is missing MFA authentication for that action, and prompting them to complete an MFA challenge if required.

Checking if a user is missing MFA authentication for a sensitive action

In this example, we’re trying to export the wallet private key. 
import { isMfaRequiredForAction, type MFAAction } from '@dynamic-labs-sdk/client';
import { exportWaasPrivateKey } from '@dynamic-labs-sdk/client/waas';

const onExportPrivateKeyClick = async () => {
  const isMfaRequired = isMfaRequiredForAction({ mfaAction: MFAAction.WalletWaasExport });

  if (isMfaRequired) {
    // you should prompt the user to complete an MFA challenge
    // e.g.: await completeMfaAuth();
  }

  // then you can perform the action
  await exportWaasPrivateKey(params);
};