Step-up MFA

Add an extra security layer to protect sensitive actions with Multi-Factor Authentication (MFA/2FA)

What is Step-up MFA?

Step-up MFA triggers additional authentication when users perform sensitive actions. Instead of requiring MFA on every login, you only ask for it when it matters:

• Admin panel access
• Financial transactions
• User Account deletion
• Subscription cancellation
• Data exports or deletions

Supported MFA Methods:

• TOTP (Google Authenticator, Authy, 1Password)
• Email OTP (6-digit verification code)
• Hardware Security Keys (YubiKey, FIDO2 keys)

Integration Steps

Quick start

Uses global transcodes after CDN load; with npm, import { openAuthIdpModal } after init.

// Trigger MFA before sensitive action
async function performSensitiveAction() {
  // 1. Request MFA verification
  const mfaResult = await transcodes.openAuthIdpModal({
    resource: 'sensitive_action',
    action: 'delete',
  });
 
  if (!mfaResult.success || !mfaResult.payload[0]?.success) {
    console.log('MFA verification failed or cancelled');
    return;
  }
 
  // 2. MFA verified - proceed with sensitive action
  console.log('MFA verified successfully');
 
  // 3. Perform the protected action
  await deleteUserData();
}

Use Cases

Who Should Use This?

Get Started