Introduction

This guide will show you how to enable Dynamic’s Account level multi-factor authentication in your app.
Dynamic offers two different types of multi-factor authentication: account level and transaction level. At the account level, users must complete 2FA on login, while at the transaction level, they must complete 2FA when creating a transaction.You can learn more about transaction-level multi-factor authentication here.(And yes, we know it might be a bit confusing. Just remember: one MFA is for logging in, the other is for doing stuff after logging in. Think of it like locking your front door and then locking the safe inside!)

Supported methods

Dynamic currently supports these Account level methods:
  • Authenticator app (e.g. Google Authenticator or Authy)
  • Passkeys (coming soon for 1FA, 2FA & signing)

Setup

  1. Make sure you are on the latest Dynamic packages
  2. Go to the Security page in your developer Dashboard.
  3. In the Account MFA section, enable the Authenticator Apps toggle, then click Save Changes.
  4. Optionally, you can require users to MFA on signup by clicking on the settings gear to the right of the Authenticator Apps toggle, then toggle on “Require at onboarding”
That’s it! Make sure you are using the same environment id from the SDK & API Keys page in your app. When you sign in to your app, you will be prompted to MFA if you toggled on “Require at onboarding”, otherwise you will be able to optionally add MFA from the user profile section of the Dynamic widget.

Supporting users who lose access to their Authenticator App

Please ensure you only delete MFA devices after confirming the identity of your end users.
In the event that one of your users contacts you that they lost access to their authenticator device, you can delete their device by going to the User Management table.
  1. Go to the User Management table.
  2. Find the user by searching based on email, username, or other verified credentials.
  3. Open the details panel and click the button to delete the authenticator devices.
  4. If MFA is required, then on the next login the user will be required to register a new device. Otherwise, the user can optionally add a device after logging in.