Step-up MFA
⚡ 15 min totalAdd an extra security layer to protect sensitive actions with Multi-Factor Authentication (MFA/2FA).
Works without Transcodes Login! Step-up MFA is a standalone feature. You can keep your existing authentication system (Firebase, Auth0, custom implementation, etc.) and just add MFA functionality on top.
What is Step-up MFA?
Step-up MFA triggers additional authentication when users perform sensitive actions. Instead of requiring MFA on every login, you only ask for it when it matters:
- Admin panel access
- Financial transactions
- User Account deletion
- Subscription cancellation
- Data exports or deletions
Supported MFA Methods:
- TOTP (Google Authenticator, Authy, 1Password)
- Email OTP (6-digit verification code)
- Hardware Security Keys (YubiKey, FIDO2 keys)
Integration Steps
Quick Start Code
// Trigger MFA before sensitive action
async function performSensitiveAction() {
// 1. Request MFA verification
const mfaResult = await transcodes.openAuthMfaModal();
if (!mfaResult.success) {
console.log('MFA verification failed or cancelled');
return;
}
// 2. MFA verified - proceed with sensitive action
console.log('MFA verified successfully');
// 3. Perform the protected action
await deleteUserData();
}Use Cases
| Action | Why Step-up MFA? |
|---|---|
| Admin Dashboard | Protect settings even if login is compromised |
| Delete Account | Confirm user identity before irreversible action |
| Export Data | Prevent unauthorized data downloads |
| Change Password | Verify it’s really the account owner |
| Financial Transfer | Block unauthorized transactions |
Who Should Use This?
Step-up MFA is essential for: - SaaS platforms with admin dashboards - E-commerce with payment processing - Apps handling sensitive user data - Any platform requiring SOC2/compliance
Get Started
Ready to add MFA? Start with Step 1: Prerequisites
Last updated on