Skip to main content
Enrolling in MFA does not automatically verify the user for wallet operations. Once enrolled, subsequent wallet actions will require MFA verification. See the verification guides for how to complete MFA verification.
Enroll users in MFA using SMS, where they authenticate with a 6-digit code sent to their phone number.
If your app has enabled SMS as a possible login method, users will not be able to enroll SMS as a valid MFA method.SMS must either be used as a login method to secure user accounts, or as an MFA method for additional security on the users’ wallets, but cannot be used for both.

Setup

To enroll users in MFA with SMS, use the initEnrollmentWithSms and submitEnrollmentWithSms methods returned by the useMfaEnrollment hook:
import {useMfaEnrollment} from '@privy-io/react-auth';

const {initEnrollmentWithSms, submitEnrollmentWithSms} = useMfaEnrollment();

Initiating enrollment

First, prompt your user to enter the phone number they’d like to use for MFA. Then, call Privy’s initEnrollmentWithSms method. As a parameter, pass a JSON object with a phoneNumber field that contains the user’s provided phone number as a string.
// Prompt the user for their phone number
const phoneNumberInput = 'insert-phone-number-from-user';
// Send an enrollment code to their phone number
await initEnrollmentWithSms({phoneNumber: phoneNumberInput});
Once initEnrollmentWithSms is called with a valid phone number, Privy will send a 6-digit MFA enrollment code to the provided number. This method returns a Promise that will resolve to void if the code was successfully sent, or will reject with an error if there was an error sending the code (e.g. invalid phone number).

Completing enrollment

Next, prompt the user to enter the 6-digit code that was sent to their phone number, and use the submitEnrollmentWithSms method to complete enrollment. As a parameter, you must pass a JSON object with both the original phoneNumber that the user enrolled, and the mfaCode they received at that number.
// Prompt the user for the code sent to their phone number
const mfaCodeInput = 'insert-mfa-code-received-by-user';
await submitEnrollmentWithSms({
  phoneNumber: phoneNumberInput, // From above
  mfaCode: mfaCodeInput,
});
The component below serves as a reference implementation for how to enroll your users in MFA with SMS!
Example enrolling a phone number for MFA
import {useMfaEnrollment} from '@privy-io/react-auth';

export default function MfaEnrollmentWithSms() {
  const {initEnrollmentWithSms, submitEnrollmentWithSms} = useMfaEnrollment();

  const [phoneNumber, setPhoneNumber] = useState<string | null>(null);
  const [mfaCode, setMfaCode] = useState<string | null>(null);
  const [pendingMfaCode, setPendingMfaCode] = useState<boolean>(false);

  // Handler for when the user enters their phone number to enroll in MFA.
  const onEnteredPhoneNumber = () => {
    await initEnrollmentWithSms({phoneNumber: phoneNumber}); // Sends an MFA code to the `phoneNumber`
    setPendingMfaCode(true);
  }

  // Handler for when the user enters the MFA code sent to their phone number.
  const onEnteredMfaCode = () => {
    await submitEnrollmentWithSms({phoneNumber: phoneNumber, mfaCode: mfaCode});
    // See the error handling guide for details on how to handle errors
    setPendingMfaCode(false);
  }

  // If no MFA code has been sent yet, prompt the user for their phone number to enroll
  if (!pendingMfaCode) {
    // Input field for the user to enter the phone number they'd like to enroll for MFA
    return <>
      <input placeholder='(555) 555 5555' onChange={(event) => setPhoneNumber(event.target.value)}/>
      <button onClick={onEnteredPhoneNumber}>Enroll a Phone with MFA</button>
    </>;
  }

  // Input field for the user to enter the MFA code sent to their phone number
  return <>
    <input placeholder='123456' onChange={(event) => setMfaCode(event.target.value)}/>
    <button onClick={onEnteredMfaCode}>Submit Enrollment Code</button>
  </>;
}