Require multi-factor authentication (MFA) on mobile
Category: Security
Enforce multi-factor authentication for all users in your iOS and Android applications.
You can now require multi-factor authentication (MFA) across your iOS and Android authentication flows with a single toggle.
This applies to both new users during sign-up and existing users when they sign in, ensuring MFA is completed before access is granted.
What's new
Requiring multi-factor authentication (MFA) now works end-to-end in prebuilt authentication flows for iOS and Android.
If a session is created in a pending state with a setup-mfa task, the SDK automatically routes users to the dedicated MFA setup flow instead of completing sign-in. Users can set up one of your enabled MFA methods, including Authenticator app (TOTP) and SMS verification code.
Getting started
To require MFA in your mobile application:
- Navigate to Multi-factor in the Clerk Dashboard.
- Enable one or more MFA strategies (Authenticator app or SMS verification code).
- Turn on Require multi-factor authentication.
Once enabled, new users are prompted to set up MFA during sign-up, and existing users without MFA are prompted the next time they sign in.
To learn more, visit the setup MFA guide.