All productsMulti-factor Authentication
Raise the bar for privileged actions, not the friction.
Passkeys, TOTP, security keys, recovery codes — enrolled once, enforced selectively. Step-up happens where it matters, not on every login screen.
Know who has what, at a glance.
Every user, every factor, every weak link. The admins who need passkeys have them. The viewers still on a password show up before auditors do.
Factor coverage — Acme Corp
847 users · 91% strong · 6% weak · policy: admins require passkey
user
role
factors
strength
Sarah Chen
Admin
PasskeyTOTPRecovery
strong
Marcus Johnson
Member
PasswordTOTP
ok
Priya Nair
Viewer
Password
weak
Tom Eriksson
Member
Passkey
ok
Lee Park
Admin
PasskeySecurity keyRecovery
strong
Factor inventory
Per-user factors
Strength score
Policy deltas
Enrollment nudge
Gate the dangerous actions, leave the rest alone.
Step-up lives in your product code. Delete a user, export audit, rotate a key — require passkey re-auth. Everything else keeps flowing. One policy, not thirty if-statements.
Step-up policy — privileged actions
6 actions gated · re-auth TTL 5 min
Edit policy
action
gate
requirement
risk
Settings · view
Session
—
low
Invoice · export
Step-up
TOTP
med
Billing · change plan
Step-up
Passkey
med
User · promote to admin
Step-up
Passkey
high
API key · rotate
Step-up
Passkey + note
high
Audit log · export
Step-up
Passkey
high
Step-up policy
Per-action gates
Re-auth TTL
Risk tiers
Audit on step-up
Pairs with
MFA is one layer. Here's what plugs in.
Authentication
Passkeys, social, magic links — the sign-in surface that MFA sits on top of.
Explore
RBAC & Permissions
Who can do what. MFA raises the bar before the permission check decides.
Explore
User Management
Factors, sessions, recovery — attached to the same user record your support team already reads.
Explore