Enrollment

At the end of this guide, you will have a complete 2FA enrollment flow where users can enable, disable, and manage two-factor authentication from their profile page.

The enrollment component provides the full two-factor lifecycle. Users scan a QR code (or enter the secret manually), then verify by entering a 6-digit code from their authenticator app. Upon successful verification, 10 single-use recovery codes are generated and displayed once. Users can also disable 2FA and regenerate recovery codes.

The component includes:

• 2FA section on the profile page showing current state
• QR code enrollment page with manual secret fallback
• Code verification to activate 2FA
• One-time recovery codes display after enrollment
• Disable two-factor authentication
• Recovery code regeneration