Introduction
This guide will show you how to enable Dynamic’s Account level multi-factor authentication in your app.Dynamic offers two different types of multi-factor authentication: account level and transaction level. At the account level, users must complete 2FA on login, while at the transaction level, they must complete 2FA when creating a transaction.You can learn more about transaction-level multi-factor authentication here.(And yes, we know it might be a bit confusing. Just remember: one MFA is for logging in, the other is for doing stuff after logging in. Think of it like locking your front door and then locking the safe inside!)
Supported methods
Dynamic currently supports these Account level methods:- Authenticator app (e.g. Google Authenticator or Authy)
- Passkeys (coming soon)
- SMS (coming soon)
Setup
- Make sure you are on the latest Dynamic packages (V3)
- Go to the Security page in your developer Dashboard.
- In the Account MFA section, enable the Authenticator Apps toggle, then click Save Changes.
- Optionally, you can require users to MFA on signup by clicking on the settings gear to the right of the Authenticar Apps toggle, then toggle on “Require at onboarding”
Supporting users who lose access to their Authenticator App
Please ensure you only delete MFA devices after confirming the identity of your end users.
- Go to the User Management table.
- Find the user by searching based on email, username, or other verified credentials.
- Open the details panel and click the button to delete the authenticator devices.
- If MFA is required, then on the next login the user will be required to register a new device. Otherwise, the user can optionally add a device after logging in.