Progressive rollout

Feature Toggles for Authentication

Control which security experiences—magic links, email verification, 2FA—are available globally, for specific tenants, and for individual organizations. This flow keeps compliance in the hands of your super admin while letting customers self-serve when permitted.

Hierarchy

Super admin programs baseline: Owns the master switches. A dedicated /admin/login route requiring the SUPER_ADMIN role controls magic links, verification, 2FA, and restore flows. Seed an operator with npm run seed:admin and protect routes with requireSuperAdmin() so only platform staff can change defaults.

Tenant owners tune organizations: Tenant admins inherit the baseline and decide which experiences stay on for their organization. Locked toggles reflect super admin restrictions. Persist tenant preferences and feed them into configure({ tenant }) or createAuthCoreServer({ tenant }) for every request.

Feature matrix applied to auth flows: AuthCore resolves tenant flags and assembles the experience: magic link button, verification prompts, 2FA challenge, restore steps, or password fallback. Combine tenant metadata with your adapters so every API and component respects the chosen feature mix.

Profile toggles (personal preference): Users can opt in or out of extra experiences (magic link first, extra device checks) when policy allows it. Store the choice with profile metadata and feed it back into your adapters. Use translation keys under profile.security.* for accessible copy in every locale.

Super admin login route

Create a dedicated route for platform operators. It should skip tenant resolution and require the SUPER_ADMIN role. A quick example using the built-in AuthForm:

pages/admin/login.tsx

Persist global defaults

Use the configure() helper or the AdminSettings component to store defaults. These values cascade to tenants on the next request.

pages/api/admin/features.ts

Tenant overrides

Tenant administrators use the SecuritySettings component to opt into the experiences permitted by the platform. Persist those decisions and hydrate AuthCore with them during session evaluation.

components/TenantSecurityPanel.tsx

The locks prop prevents tenants from enabling features the super admin disabled.

Profile preferences

Feature toggles do not need to be binary. Combine tenant defaults with per-user preferences so power users can choose their preferred auth journey. Reuse your profile tabs or the ProfileSecurityCard helper to keep messaging consistent across locales.

pages/api/profile/magic-link.ts

Persist the preference next to other profile metadata so adapters can honour it during session creation.
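
The precedence described on this page (super admin baseline, then tenant overrides, then profile preferences) can be enforced server-side with a resolver like the one below. This is an added example, not AuthCore's own code. It clamps each level to the one above it, so a stale or tampered stored value cannot re-enable a locked feature. The names Feature, resolveFeatures and userOptional are hypothetical, and the rule that a profile preference can only switch off a feature is an assumption.

```typescript
// Added example: hypothetical names, not part of AuthCore's API.
type Feature = "magicLink" | "emailVerification" | "twoFactor";
type Flags = Record<Feature, boolean>;
const FEATURES: Feature[] = ["magicLink", "emailVerification", "twoFactor"];

interface Resolved {
  effective: Flags;   // what the auth flow may offer for this request
  locks: Flags;       // true = super admin disabled it; tenant UI shows a lock
  rejected: string[]; // stored values ignored because a higher level forbids them
}

function resolveFeatures(
  baseline: Flags,                 // super admin defaults
  tenant: Partial<Flags>,          // persisted tenant overrides (untrusted)
  profile: Partial<Flags> = {},    // persisted user preferences (untrusted)
  userOptional: Feature[] = [],    // assumption: features policy lets a user switch off
): Resolved {
  const effective = {} as Flags;
  const locks = {} as Flags;
  const rejected: string[] = [];
  for (const f of FEATURES) {
    locks[f] = !baseline[f];
    // A tenant inherits the baseline and may switch a feature off, never back on.
    let on = baseline[f] && tenant[f] !== false;
    if (!baseline[f] && tenant[f] === true) rejected.push("tenant:" + f);
    // A profile preference only narrows what the tenant left on, where policy allows.
    const pref = profile[f];
    if (typeof pref === "boolean" && pref !== on) {
      if (on && userOptional.indexOf(f) !== -1) on = false;
      else rejected.push("profile:" + f);
    }
    effective[f] = on;
  }
  return { effective, locks, rejected };
}

// Constructed sample data: the tenant row tries to enable a locked feature.
const demo = resolveFeatures(
  { magicLink: true, emailVerification: true, twoFactor: false },
  { magicLink: false, twoFactor: true },
  { magicLink: true, emailVerification: false },
  ["magicLink"],
);
console.log(demo.effective, demo.locks, demo.rejected);
```

A non-empty rejected list means stored settings disagree with current policy, which is worth logging for review.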