Enrollment
At the end of this guide, you will have a complete 2FA enrollment flow where users can enable, disable, and manage two-factor authentication from their profile page.
The enrollment component provides the full two-factor lifecycle. Users scan a QR code (or enter the secret manually), then verify by entering a 6-digit code from their authenticator app. Upon successful verification, 10 single-use recovery codes are generated and displayed once. Users can also disable 2FA and regenerate recovery codes.
The component includes:
- 2FA section on the profile page showing current state
- QR code enrollment page with manual secret fallback
- Code verification to activate 2FA
- One-time recovery codes display after enrollment
- Disable two-factor authentication
- Recovery code regeneration
This guide requires you to complete the Two-Factor Setup, Profile management, and Change password guides first. The 2FA section on the profile page is added below the change password form, so both must already exist.