Skip to Content
DocumentationAdmin Back-officeStep-up AuthOverview

Step-up Auth

⚡ 15 min total

Add an extra security layer to protect sensitive actions with Multi-Factor Authentication (MFA/2FA)

Works without Transcodes Login! Step-up MFA is a standalone feature. You can keep your existing authentication system (Firebase, Auth0, custom implementation, etc.) and just add MFA functionality on top

What is Step-up MFA?

Step-up MFA triggers additional authentication when users perform sensitive actions. Instead of requiring MFA on every login, you only ask for it when it matters:

  • Admin panel access
  • Financial transactions
  • User Account deletion
  • Subscription cancellation
  • Data exports or deletions

Supported MFA Methods:

  • TOTP (Google Authenticator, Authy, 1Password)
  • Email OTP (6-digit verification code)
  • Hardware Security Keys (YubiKey, FIDO2 keys)

Integration Steps

Step 1: PrerequisitesStep 2: Load the SDK (CDN or npm)Step 3: Open the MFA modalStep 4: Handle the MFA response

Quick start

Uses global transcodes after CDN load; with npm, import { openAuthIdpModal } after init.

// Trigger MFA before sensitive action
async function performSensitiveAction() {
  // 1. Request MFA verification
  const mfaResult = await transcodes.openAuthIdpModal({
    resource: 'sensitive_action',
    action: 'delete',
  });
 
  if (!mfaResult.success || !mfaResult.payload[0]?.success) {
    console.log('MFA verification failed or cancelled');
    return;
  }
 
  // 2. MFA verified - proceed with sensitive action
  console.log('MFA verified successfully');
 
  // 3. Perform the protected action
  await deleteUserData();
}

Use Cases

ActionWhy Step-up MFA?
Admin DashboardProtect settings even if login is compromised
Delete AccountConfirm user identity before irreversible action
Export DataPrevent unauthorized data downloads
Change PasswordVerify it’s really the account owner
Financial TransferBlock unauthorized transactions

Who Should Use This?

Step-up MFA fits: SaaS admin tools, payments, sensitive data workflows, and teams working toward SOC 2–style controls.

Get Started

Start with Step 1: Prerequisites

Last updated on
Bonus: Member consoleStep 1: Prerequisites