Paid Feature

This is a paid feature.

For self-hosted users, sign up to get a license key and follow the instructions sent to you by email. Using the dev license key is free. We only start charging you once you enable the feature in production using the provided production license key.

For managed service users, you can click on the "enable paid features" button on our dashboard, and follow the steps from there on. Once enabled, this feature is free on the provided development environment.



  • Add email or SMS based OTP as an auth factor.
  • Add TOTP (Google Authenticator app) as an auth factor.
  • Allow access to APIs only if multi factor auth has been completed.
  • Allow access to frontend routes only if multi factor auth has been completed.
  • Use your custom UI or our pre built UI for the second factor auth.
  • Allow individual users to choose if they want to enable multi factor auth or not.
  • Step up authentication
  • Separate MFA config per tenant
  • You can customise the MFA recipe to also add:
    • Account recovery using backup codes
    • Skipping MFA for trusted devices for a period of time.

Demo application

You can download our example app that uses our pre built UI using the following command:

npx create-supertokens-app@latest --recipe=multifactorauth

It showcases MFA wherein the user is asked to pick one of TOTP, email OTP or phone OTP during sign up to be the secondary factor, and sets that up for them. On every subsequent sign in, they will be asked to complete the MFA challenge based on their choice.
