Action guide

Prove when a user turned on a second factor

POST /v1/events · user.mfa.enabled

Emit a `user.mfa.enabled` event the first time a user successfully verifies a second factor (TOTP, WebAuthn, SMS). Enterprise contracts often require MFA adoption reporting.

When to emit

Emit right after the first successful verification of the new second factor, not when setup has merely been started.

Example payload

```js
await recalled.events.create({
  action: "user.mfa.enabled",
  actor: { id: user.id, email: user.email },
  organization: user.organizationId,
  metadata: {
    method: "value", // placeholder: one of totp, webauthn, sms, email
    ip: "203.0.113.42" // source IP address of the request
  },
});
```

Metadata to include

Keep metadata flat and consistent across your service so it plays well with search and CSV exports.

| Key | Purpose |
| --- | --- |
| `method` | totp, webauthn, sms, email |
| `ip` | Source IP address of the request |

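
The emit-once rule from "When to emit", as an added example that is not part of this guide or of the recalled SDK: `recalled` here is an in-memory stand-in exposing only the `events.create` call shown above, and the enrollment store, `startEnrollment`, `onVerification` and `handleVerification` are hypothetical names.

```javascript
// Added example. Assumptions: `recalled` is an in-memory stand-in for the client,
// and the enrollment store and function names below are hypothetical.
const ALLOWED_METHODS = new Set(["totp", "webauthn", "sms", "email"]);

const sent = []; // events the stand-in client has "delivered"
const recalled = {
  events: { create: async (event) => { sent.push(event); return event; } },
};

// Hypothetical store: "userId:method" -> "pending" | "enabled"
const enrollments = new Map();

function startEnrollment(user, method) {
  if (!ALLOWED_METHODS.has(method)) throw new Error(`unknown MFA method: ${method}`);
  const key = `${user.id}:${method}`;
  if (enrollments.get(key) === "enabled") return; // never reset an enabled factor
  enrollments.set(key, "pending");                // setup only started: emit nothing
}

// Returns the event to emit, or null when nothing should be emitted.
function onVerification(user, method, verified, ip) {
  const key = `${user.id}:${method}`;
  if (!verified) return null;                          // failed code: no event
  if (enrollments.get(key) !== "pending") return null; // not enrolling, or already enabled
  enrollments.set(key, "enabled");                     // flip first: one event per factor
  return {
    action: "user.mfa.enabled",
    actor: { id: user.id, email: user.email },
    organization: user.organizationId,
    metadata: { method, ip },                          // flat keys, as in the table
  };
}

async function handleVerification(user, method, verified, ip) {
  const event = onVerification(user, method, verified, ip);
  if (event) await recalled.events.create(event);
  return event !== null; // true only on the first successful verification
}
```
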
Suggested retention

Keep forever: this event is rare, valuable and auditor-relevant.
