Action-Based MFA

​

Dashboard Setup

1. Go to the Security page.
2. In the Action MFA section, enable your desired methods (TOTP and/or Passkeys).
3. (Optional) Toggle “Require at onboarding” to force MFA setup during signup.
4. Choose which events you want to protect with MFA and toggle them on.

​

Events that trigger Action-Based MFA

• Waas Export - When exporting a private key on an MPC wallet.
• Waas Refresh - When a wallet is delegated, or when a user claims a pregenerated MPC wallet for the first time.
• WaaS Sign - When any signature is performed i.e. a message, a transaction, typed data, authorization, etc.
• WaaS Reshare - When a wallet is approved or revoked from delegated access and the user next signs in.

​

Your UI SDK Implementation

import { isMfaRequiredForAction, authenticateTotpMfaDevice, MFAAction } from '@dynamic-labs-sdk/client';

const onExportPrivateKeyClick = async () => {
  const required = await isMfaRequiredForAction({ mfaAction: MFAAction.WalletWaasExport });
  if (required) {
    await authenticateTotpMfaDevice({ code: '123456', createMfaTokenOptions: { singleUse: true } });
  }
  await exportWaasPrivateKey(params);
};

import { isMfaRequiredForAction, authenticatePasskeyMFA, MFAAction } from '@dynamic-labs-sdk/client';

const onExportPrivateKeyClick = async () => {
  const required = await isMfaRequiredForAction({ mfaAction: MFAAction.WalletWaasExport });
  if (required) {
    await authenticatePasskeyMFA({ createMfaToken: { singleUse: true } });
  }
  await exportWaasPrivateKey(params);
};