# Require multi-factor authentication (MFA) on mobile

You can now require multi-factor authentication (MFA) across your iOS and Android authentication flows with a single toggle.

This applies to both new users during sign-up and existing users when they sign in, ensuring MFA is completed before access is granted.

## What's new

Requiring multi-factor authentication (MFA) now works end-to-end in prebuilt authentication flows for iOS and Android.

If a session is created in a pending state with a `setup-mfa` task, the SDK automatically routes users to the dedicated MFA setup flow instead of completing sign-in. Users can set up one of your enabled MFA methods, including Authenticator app (TOTP) and SMS verification code.

## Getting started

To require MFA in your mobile application:

1. Navigate to [Multi-factor](https://dashboard.clerk.com/~/user-authentication/multi-factor) in the Clerk Dashboard.
2. Enable one or more MFA strategies (Authenticator app or SMS verification code).
3. Turn on **Require multi-factor authentication**.

Once enabled, new users are prompted to set up MFA during sign-up, and existing users without MFA are prompted the next time they sign in.

To learn more, visit the [setup MFA guide](https://clerk.com/docs/guides/configure/auth-strategies/sign-up-sign-in-options.md#multi-factor-authentication).