Learn how to render a card-based UI that lets users enroll, view, and delete their own multi-factor authentication factors using the My Account API.
The UserMFAMgmt component lets users enroll, view, and delete their own multi-factor authentication factors in a single card-based interface using the My Account API.It uses the My Account API’s authentication methods management capabilities to render a complete UI for managing a user’s authentication methods.With the UserMFAMgmt component, you do not need to orchestrate navigation, call API endpoints, or manage state.
The install command adds the component source into src/components/auth0/my-account/ along with all UI dependencies and the @auth0/universal-components-core dependency for shared utilities and Auth0 integration.
factorConfigUse factorConfig to show or grey-out specific factor types without editing the tenant configuration.
Each key is a factor type string; both fields are optional and default to true.Supported factor type keys: sms, otp, email, push-notification, webauthn-platform, webauthn-roaming, recovery-code.
visible render the factor row in the list (false to hide).
enabled render the factor row is interactive (false renders it greyed-out and non-interactive).
Triggered before an action executes. Return false (or a Promise resolving to false) to cancel.
onEnrollTriggers after a factor enrollment completes successfully. Use this to refresh related UI (for example, an account security score card) or send analytics.
onFetchTriggers after the component’s initial factor list load. Useful for showing or hiding adjacent UI that depends on whether the user has any enrolled factors.
onErrorActionTriggers when an enroll, delete, or confirm step fails. The action parameter identifies which stage errored: 'enroll' (initiating enrollment), 'confirm' (submitting the OTP or QR code), or 'delete'.
<UserMFAMgmt onErrorAction={(error, action) => { console.error(`MFA ${action} failed:`, error.message); toast.error(`Something went wrong while trying to ${action} your factor.`); }}/>
onBeforeActionTriggers before an action executes. Return false or a Promise that resolves to false to cancel the operation. The factorType parameter identifies which factor type is involved.
'delete' triggers before the built-in confirmation dialog is shown. Return false to cancel the deletion without ever showing the dialog.
'enroll' / 'confirm' use this for pre-flight checks (for example, rate limiting, policy checks).
<UserMFAMgmt onBeforeAction={async (action, factorType) => { if (action === "delete") { return await confirmDialog( `Remove your ${factorType} authenticator? You may be locked out if this is your only factor.` ); } return true; }}/>
Customization props let you adapt copy, validation rules, and styling without modifying source code.
Prop
Type
Description
customMessages
Partial<MFAMessages>
Override default UI text and translations.
styling
ComponentStyling<UserMFAMgmtClasses>
CSS variables and class overrides.
schema
{ email?: RegExp; phone?: RegExp }
Custom validation patterns for email and phone number input fields.
customMessagesCustomize all text and translations. Every field is optional.
Available Messages
Top-leveltitle, description, enabled (badge label on enrolled factors), no_active_mfa (empty state when showActiveOnly is true)Actionsenroll (enroll button label), delete (delete button label), enroll_factor (success message), remove_factor (success message), deleting (in-progress label), cancelDelete confirmationdelete_mfa_title, delete_mfa_contentPer factor type (replace {factor} with sms, otp, email, push-notification, webauthn-platform, webauthn-roaming, recovery-code) {factor}.title, {factor}.description, {factor}.button-textErrorserrors.factors_loading_error, errors.delete_factor, errors.failed
<UserMFAMgmt customMessages={{ title: "Two-Factor Authentication", description: "Add extra layers of security to protect your account.", no_active_mfa: "You haven't enrolled any authentication methods yet.", enroll: "Add method", delete_mfa_title: "Remove authentication method?", delete_mfa_content: "You will no longer be able to use this method to verify your identity.", sms: { title: "Text message (SMS)", description: "Receive a one-time code via text message.", }, otp: { title: "Authenticator app", description: "Use Google Authenticator, Authy, or any TOTP app.", }, errors: { factors_loading_error: "Unable to load your security methods.", }, }}/>
Customize styleCustomize appearance with CSS variables and class overrides. Supports light/dark themes.
Available Styling Options
Variables—CSS custom properties
common Applied to both themes
light Light mode only
dark Dark mode only
Class overrides
UserMFAMgmt-card the outer card wrapping the factor list
UserMFASetupForm-dialogContent the enrollment multi-step dialog content area
DeleteFactorConfirmation-dialogContent the delete confirmation dialog content area
schemaOverride the built-in regex patterns used to validate user input during enrollment. Both fields are optional; unset fields keep their default patterns.
email validates the email address entered during email-OTP enrollment (default: standard RFC-5322-style pattern).
phone validates the phone number entered during SMS enrollment (default: accepts international E.164 format).
<UserMFAMgmt schema={{ // Restrict to company domain only email: /^[a-zA-Z0-9._%+-]+@example\.com$/, // US numbers only phone: /^\+1[2-9]\d{2}[2-9]\d{6}$/, }}/>