Session-Based MFA requires users to complete an MFA challenge on every login. You can configure session-based MFA in the Dynamic dashboard, by toggling on the “Session-based MFA” option. You can also choose to make it mandatory or not, by toggling the “Require at onboarding” option.

Required vs Optional

  • Required If you make MFA required on onboarding, the user must have completed an MFA challenge on every login after this option is enabled. You, as a developer, will be responsible for checking if the user is missing MFA authentication and prompting them to complete an MFA challenge if required.
  • Optional If you don’t have MFA required on onboarding, the user will only be required to complete an MFA challenge on login if they have an MFA method registered. You, as a developer, will be responsible for checking if the user is missing MFA authentication and prompting them to complete an MFA challenge if required.

Checking if a user is missing session-based MFA authentication

import { getMfaMethods, isUserMissingMfaAuth } from '@dynamic-labs-sdk/client';

const onLogin = async () => {
  const isMissingMfaAuth = isUserMissingMfaAuth();

  if (!isMissingMfaAuth) {
    // you don't need to do anything here
    return;
  }

  // you should check if the has any registered MFA methods
  const mfaMethods = await getMfaMethods();
  const hasMfaMethods = mfaMethods.devices.length > 0 || mfaMethods.passkeys.length > 0;

  if (!hasMfaMethods) {
    // you should prompt the user to add a MFA method
  } else {
    // you should prompt the user to complete an MFA challenge
    // you can check the different methods they have registered and display the appropriate UI
  }
};