Step-up security

Require fresh proof before risky changes

Use this pattern when a signed-in session is not enough. Users get clear risk context, method choice, and a short-lived unlock for the exact action.

Session trustedToken expires in 5m
High risk Blocked

Disable multi-factor authentication

Removes the extra sign-in challenge for this account.

Allowed methods

passkey, totp, password

Server policy

Fresh verification required

Audit level

Actor, device, result

Medium risk Needs proof

Export customer data

Creates a downloadable file containing workspace contacts and activity.

Allowed methods

passkey, totp

Server policy

Audit log entry created

Audit level

Actor, device, result

High risk Blocked

Rotate production API key

Invalidates the active key and reveals a one-time replacement secret.

Allowed methods

passkey, password

Server policy

Webhook owners notified

Audit level

Actor, device, result

Verify to disable multi-factor authentication

Choose an approved method for this action. Successful verification issues a short-lived token for this exact change.

Disable multi-factor authentication

Removes the extra sign-in challenge for this account.

High

Use device passkey

Uses the platform authenticator on this device.

Uses the platform authenticator on this device.

Uses the platform authenticator on this device.

Challenge expires4m 42s
Fresh proofRequired
ResultWaiting