diff --git a/.changeset/cold-clowns-fix.md b/.changeset/cold-clowns-fix.md
new file mode 100644
index 00000000000..98658a7e261
--- /dev/null
+++ b/.changeset/cold-clowns-fix.md
@@ -0,0 +1,9 @@
+---
+'@clerk/localizations': minor
+'@clerk/clerk-js': minor
+'@clerk/nextjs': minor
+'@clerk/clerk-react': minor
+'@clerk/shared': minor
+---
+
+Introduces MFA setup session task for handling require MFA after sign-in and sign-up
diff --git a/integration/presets/envs.ts b/integration/presets/envs.ts
index 844b91663d6..0629ca25514 100644
--- a/integration/presets/envs.ts
+++ b/integration/presets/envs.ts
@@ -157,6 +157,12 @@ const withSessionTasksResetPassword = base
   .setEnvVariable('private', 'CLERK_SECRET_KEY', instanceKeys.get('with-session-tasks-reset-password').sk)
   .setEnvVariable('public', 'CLERK_PUBLISHABLE_KEY', instanceKeys.get('with-session-tasks-reset-password').pk);
 
+const withSessionTasksSetupMfa = base
+  .clone()
+  .setId('withSessionTasksSetupMfa')
+  .setEnvVariable('private', 'CLERK_SECRET_KEY', instanceKeys.get('with-session-tasks-setup-mfa').sk)
+  .setEnvVariable('public', 'CLERK_PUBLISHABLE_KEY', instanceKeys.get('with-session-tasks-setup-mfa').pk);
+
 const withBillingJwtV2 = base
   .clone()
   .setId('withBillingJwtV2')
@@ -210,6 +216,7 @@ export const envs = {
   withReverification,
   withSessionTasks,
   withSessionTasksResetPassword,
+  withSessionTasksSetupMfa,
   withSignInOrUpEmailLinksFlow,
   withSignInOrUpFlow,
   withSignInOrUpwithRestrictedModeFlow,
diff --git a/integration/presets/longRunningApps.ts b/integration/presets/longRunningApps.ts
index a5acc533fc6..f3d9a8739a5 100644
--- a/integration/presets/longRunningApps.ts
+++ b/integration/presets/longRunningApps.ts
@@ -32,6 +32,7 @@ export const createLongRunningApps = () => {
     { id: 'next.appRouter.withSignInOrUpEmailLinksFlow', config: next.appRouter, env: envs.withSignInOrUpEmailLinksFlow },
     { id: 'next.appRouter.withSessionTasks', config: next.appRouter, env: envs.withSessionTasks },
     { id: 'next.appRouter.withSessionTasksResetPassword', config: next.appRouter, env: envs.withSessionTasksResetPassword },
+    { id: 'next.appRouter.withSessionTasksSetupMfa', config: next.appRouter, env: envs.withSessionTasksSetupMfa },
     { id: 'next.appRouter.withLegalConsent', config: next.appRouter, env: envs.withLegalConsent },
 
     /**
diff --git a/integration/tests/session-tasks-setup-mfa.test.ts b/integration/tests/session-tasks-setup-mfa.test.ts
new file mode 100644
index 00000000000..1bdb3c1e8f7
--- /dev/null
+++ b/integration/tests/session-tasks-setup-mfa.test.ts
@@ -0,0 +1,207 @@
+import { expect, test } from '@playwright/test';
+
+import { appConfigs } from '../presets';
+import { createTestUtils, testAgainstRunningApps } from '../testUtils';
+import { stringPhoneNumber } from '../testUtils/phoneUtils';
+import { fakerPhoneNumber } from '../testUtils/usersService';
+
+testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksSetupMfa] })(
+  'session tasks setup-mfa flow @nextjs',
+  ({ app }) => {
+    test.describe.configure({ mode: 'parallel' });
+
+    test.afterAll(async () => {
+      await app.teardown();
+    });
+
+    test.afterEach(async ({ page, context }) => {
+      const u = createTestUtils({ app, page, context });
+      await u.page.signOut();
+      await u.page.context().clearCookies();
+    });
+
+    test('setup MFA with new phone number - happy path', async ({ page, context }) => {
+      const u = createTestUtils({ app, page, context });
+      const user = u.services.users.createFakeUser({
+        fictionalEmail: true,
+        withPassword: true,
+      });
+      await u.services.users.createBapiUser(user);
+
+      await u.po.signIn.goTo();
+      await u.po.signIn.waitForMounted();
+      await u.po.signIn.signInWithEmailAndInstantPassword({ email: user.email, password: user.password });
+      await u.po.expect.toBeSignedIn();
+
+      await u.page.goToRelative('/page-protected');
+
+      await u.page.getByText(/set up two-step verification/i).waitFor({ state: 'visible' });
+
+      await u.page.getByRole('button', { name: /sms code/i }).click();
+
+      const testPhoneNumber = fakerPhoneNumber();
+      await u.po.signIn.getPhoneNumberInput().fill(testPhoneNumber);
+      await u.page.getByRole('button', { name: /continue/i }).click();
+
+      await u.po.signIn.enterTestOtpCode();
+
+      await u.page.getByText(/save these backup codes/i).waitFor({ state: 'visible', timeout: 10000 });
+
+      await u.po.signIn.continue();
+
+      await u.page.waitForAppUrl('/page-protected');
+      await u.po.expect.toBeSignedIn();
+
+      await user.deleteIfExists();
+    });
+
+    test('setup MFA with existing phone number - happy path', async ({ page, context }) => {
+      const u = createTestUtils({ app, page, context });
+      const user = u.services.users.createFakeUser({
+        fictionalEmail: true,
+        withPhoneNumber: true,
+        withPassword: true,
+      });
+      await u.services.users.createBapiUser(user);
+
+      await u.po.signIn.goTo();
+      await u.po.signIn.waitForMounted();
+      await u.po.signIn.signInWithEmailAndInstantPassword({ email: user.email, password: user.password });
+      await u.po.expect.toBeSignedIn();
+
+      await u.page.goToRelative('/page-protected');
+
+      await u.page.getByText(/set up two-step verification/i).waitFor({ state: 'visible' });
+
+      await u.page.getByRole('button', { name: /sms code/i }).click();
+
+      const formattedPhoneNumber = stringPhoneNumber(user.phoneNumber);
+      await u.page
+        .getByRole('button', {
+          name: formattedPhoneNumber,
+        })
+        .click();
+
+      await u.page.getByText(/save these backup codes/i).waitFor({ state: 'visible', timeout: 10000 });
+
+      await u.po.signIn.continue();
+
+      await u.page.waitForAppUrl('/page-protected');
+      await u.po.expect.toBeSignedIn();
+
+      await user.deleteIfExists();
+    });
+
+    test('setup MFA with invalid phone number - error handling', async ({ page, context }) => {
+      const u = createTestUtils({ app, page, context });
+      const user = u.services.users.createFakeUser({
+        fictionalEmail: true,
+        withPassword: true,
+      });
+      await u.services.users.createBapiUser(user);
+
+      await u.po.signIn.goTo();
+      await u.po.signIn.waitForMounted();
+      await u.po.signIn.signInWithEmailAndInstantPassword({ email: user.email, password: user.password });
+      await u.po.expect.toBeSignedIn();
+
+      await u.page.goToRelative('/page-protected');
+
+      await u.page.getByText(/set up two-step verification/i).waitFor({ state: 'visible' });
+
+      await u.page.getByRole('button', { name: /sms code/i }).click();
+
+      const invalidPhoneNumber = '123091293193091311';
+      await u.po.signIn.getPhoneNumberInput().fill(invalidPhoneNumber);
+      await u.po.signIn.continue();
+      // we need to improve this error message
+      await expect(u.page.getByTestId('form-feedback-error')).toBeVisible();
+
+      const validPhoneNumber = fakerPhoneNumber();
+      await u.po.signIn.getPhoneNumberInput().fill(validPhoneNumber);
+      await u.po.signIn.continue();
+
+      await u.po.signIn.enterTestOtpCode();
+
+      await u.page.getByText(/save these backup codes/i).waitFor({ state: 'visible', timeout: 10000 });
+
+      await u.po.signIn.continue();
+
+      await u.page.waitForAppUrl('/page-protected');
+      await u.po.expect.toBeSignedIn();
+
+      await user.deleteIfExists();
+    });
+
+    test('setup MFA with invalid verification code - error handling', async ({ page, context }) => {
+      const u = createTestUtils({ app, page, context });
+      const user = u.services.users.createFakeUser({
+        fictionalEmail: true,
+        withPassword: true,
+      });
+      await u.services.users.createBapiUser(user);
+
+      await u.po.signIn.goTo();
+      await u.po.signIn.waitForMounted();
+      await u.po.signIn.signInWithEmailAndInstantPassword({ email: user.email, password: user.password });
+      await u.po.expect.toBeSignedIn();
+
+      await u.page.goToRelative('/page-protected');
+
+      await u.page.getByText(/set up two-step verification/i).waitFor({ state: 'visible' });
+
+      await u.page.getByRole('button', { name: /sms code/i }).click();
+
+      const testPhoneNumber = fakerPhoneNumber();
+      await u.po.signIn.getPhoneNumberInput().fill(testPhoneNumber);
+      await u.po.signIn.continue();
+
+      await u.po.signIn.enterOtpCode('111111', {
+        awaitPrepare: true,
+        awaitAttempt: true,
+      });
+
+      await expect(u.page.getByTestId('form-feedback-error')).toBeVisible();
+
+      await user.deleteIfExists();
+    });
+
+    test('can navigate back during MFA setup', async ({ page, context }) => {
+      const u = createTestUtils({ app, page, context });
+      const user = u.services.users.createFakeUser({
+        fictionalEmail: true,
+        withPhoneNumber: true,
+        withPassword: true,
+      });
+      await u.services.users.createBapiUser(user);
+
+      await u.po.signIn.goTo();
+      await u.po.signIn.waitForMounted();
+      await u.po.signIn.signInWithEmailAndInstantPassword({ email: user.email, password: user.password });
+      await u.po.expect.toBeSignedIn();
+
+      await u.page.goToRelative('/page-protected');
+
+      await u.page.getByText(/set up two-step verification/i).waitFor({ state: 'visible' });
+
+      await u.page.getByRole('button', { name: /sms code/i }).click();
+
+      const formattedPhoneNumber = stringPhoneNumber(user.phoneNumber);
+      await u.page
+        .getByRole('button', {
+          name: formattedPhoneNumber,
+        })
+        .waitFor({ state: 'visible' });
+
+      await u.page
+        .getByRole('button', { name: /cancel/i })
+        .first()
+        .click();
+
+      await u.page.getByText(/set up two-step verification/i).waitFor({ state: 'visible' });
+      await u.page.getByRole('button', { name: /sms code/i }).waitFor({ state: 'visible' });
+
+      await user.deleteIfExists();
+    });
+  },
+);
diff --git a/packages/clerk-js/bundlewatch.config.json b/packages/clerk-js/bundlewatch.config.json
index a055cc6954f..b4910821584 100644
--- a/packages/clerk-js/bundlewatch.config.json
+++ b/packages/clerk-js/bundlewatch.config.json
@@ -1,6 +1,6 @@
 {
   "files": [
-    { "path": "./dist/clerk.js", "maxSize": "928KB" },
+    { "path": "./dist/clerk.js", "maxSize": "929KB" },
     { "path": "./dist/clerk.browser.js", "maxSize": "87KB" },
     { "path": "./dist/clerk.legacy.browser.js", "maxSize": "129KB" },
     { "path": "./dist/clerk.headless*.js", "maxSize": "66KB" },
diff --git a/packages/clerk-js/src/core/clerk.ts b/packages/clerk-js/src/core/clerk.ts
index f6c18b85eee..100dc42d266 100644
--- a/packages/clerk-js/src/core/clerk.ts
+++ b/packages/clerk-js/src/core/clerk.ts
@@ -87,6 +87,7 @@ import type {
   SignUpResource,
   TaskChooseOrganizationProps,
   TaskResetPasswordProps,
+  TaskSetupMFAProps,
   TasksRedirectOptions,
   UnsubscribeCallback,
   UserAvatarProps,
@@ -1447,6 +1448,26 @@ export class Clerk implements ClerkInterface {
     void this.#componentControls.ensureMounted().then(controls => controls.unmountComponent({ node }));
   };
 
+  public mountTaskSetupMfa = (node: HTMLDivElement, props?: TaskSetupMFAProps) => {
+    this.assertComponentsReady(this.#componentControls);
+
+    void this.#componentControls.ensureMounted({ preloadHint: 'TaskSetupMFA' }).then(controls =>
+      controls.mountComponent({
+        name: 'TaskSetupMFA',
+        appearanceKey: 'taskSetupMfa',
+        node,
+        props,
+      }),
+    );
+
+    this.telemetry?.record(eventPrebuiltComponentMounted('TaskSetupMfa', props));
+  };
+
+  public unmountTaskSetupMfa = (node: HTMLDivElement) => {
+    this.assertComponentsReady(this.#componentControls);
+    void this.#componentControls.ensureMounted().then(controls => controls.unmountComponent({ node }));
+  };
+
   /**
    * `setActive` can be used to set the active session and/or organization.
    */
diff --git a/packages/clerk-js/src/core/resources/UserSettings.ts b/packages/clerk-js/src/core/resources/UserSettings.ts
index ed5951b7037..2c60f7e3445 100644
--- a/packages/clerk-js/src/core/resources/UserSettings.ts
+++ b/packages/clerk-js/src/core/resources/UserSettings.ts
@@ -127,6 +127,9 @@ export class UserSettings extends BaseResource implements UserSettingsResource {
     legal_consent_enabled: false,
     mode: 'public',
     progressive: true,
+    mfa: {
+      required: false,
+    },
   };
   social: OAuthProviders = {} as OAuthProviders;
   usernameSettings: UsernameSettingsData = {} as UsernameSettingsData;
diff --git a/packages/clerk-js/src/core/sessionTasks.ts b/packages/clerk-js/src/core/sessionTasks.ts
index 7c775022840..effa11659ef 100644
--- a/packages/clerk-js/src/core/sessionTasks.ts
+++ b/packages/clerk-js/src/core/sessionTasks.ts
@@ -9,6 +9,7 @@ import { buildURL, forwardClerkQueryParams } from '../utils';
 export const INTERNAL_SESSION_TASK_ROUTE_BY_KEY: Record<SessionTask['key'], string> = {
   'choose-organization': 'choose-organization',
   'reset-password': 'reset-password',
+  'setup-mfa': 'setup-mfa',
 } as const;
 
 /**
diff --git a/packages/clerk-js/src/test/fixture-helpers.ts b/packages/clerk-js/src/test/fixture-helpers.ts
index c22a879cb3b..133a63e5e40 100644
--- a/packages/clerk-js/src/test/fixture-helpers.ts
+++ b/packages/clerk-js/src/test/fixture-helpers.ts
@@ -586,6 +586,10 @@ const createUserSettingsFixtureHelpers = (environment: EnvironmentJSON) => {
     us.sign_up.mode = SIGN_UP_MODES.WAITLIST;
   };
 
+  const withMfaRequired = (required: boolean = true) => {
+    us.sign_up.mfa = { required };
+  };
+
   // TODO: Add the rest, consult pkg/generate/auth_config.go
 
   return {
@@ -606,5 +610,6 @@ const createUserSettingsFixtureHelpers = (environment: EnvironmentJSON) => {
     withRestrictedMode,
     withLegalConsent,
     withWaitlistMode,
+    withMfaRequired,
   };
 };
diff --git a/packages/clerk-js/src/test/fixtures.ts b/packages/clerk-js/src/test/fixtures.ts
index ada0f9775cd..49df934b769 100644
--- a/packages/clerk-js/src/test/fixtures.ts
+++ b/packages/clerk-js/src/test/fixtures.ts
@@ -208,6 +208,9 @@ const createBaseUserSettings = (): UserSettingsJSON => {
       captcha_enabled: false,
       disable_hibp: false,
       mode: 'public',
+      mfa: {
+        required: false,
+      },
     },
     restrictions: {
       allowlist: {
diff --git a/packages/clerk-js/src/ui/common/Wizard.tsx b/packages/clerk-js/src/ui/common/Wizard.tsx
index 77bd735452a..aee4cd4d8a4 100644
--- a/packages/clerk-js/src/ui/common/Wizard.tsx
+++ b/packages/clerk-js/src/ui/common/Wizard.tsx
@@ -4,6 +4,7 @@ import { Animated } from '../elements/Animated';
 
 type WizardProps = React.PropsWithChildren<{
   step: number;
+  animate?: boolean;
 }>;
 
 type UseWizardProps = {
@@ -26,7 +27,11 @@ export const useWizard = (params: UseWizardProps = {}) => {
 };
 
 export const Wizard = (props: WizardProps) => {
-  const { step, children } = props;
+  const { step, children, animate = true } = props;
+
+  if (!animate) {
+    return React.Children.toArray(children)[step];
+  }
 
   return <Animated>{React.Children.toArray(children)[step]}</Animated>;
 };
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/index.tsx b/packages/clerk-js/src/ui/components/SessionTasks/index.tsx
index dc728a60c26..ba27873fcf0 100644
--- a/packages/clerk-js/src/ui/components/SessionTasks/index.tsx
+++ b/packages/clerk-js/src/ui/components/SessionTasks/index.tsx
@@ -12,11 +12,13 @@ import {
   SessionTasksContext,
   TaskChooseOrganizationContext,
   TaskResetPasswordContext,
+  TaskSetupMFAContext,
   useSessionTasksContext,
 } from '../../contexts/components/SessionTasks';
 import { Route, Switch, useRouter } from '../../router';
 import { TaskChooseOrganization } from './tasks/TaskChooseOrganization';
 import { TaskResetPassword } from './tasks/TaskResetPassword';
+import { TaskSetupMFA } from './tasks/TaskSetupMfa';
 
 const SessionTasksStart = () => {
   const clerk = useClerk();
@@ -50,6 +52,37 @@ const SessionTasksStart = () => {
 
 function SessionTasksRoutes(): JSX.Element {
   const ctx = useSessionTasksContext();
+  const clerk = useClerk();
+  const { navigate, currentPath } = useRouter();
+
+  // If there are no pending tasks, navigate away from the tasks flow.
+  // This handles cases where a user with an active session returns to the tasks URL,
+  // for example by using browser back navigation. Since there are no pending tasks,
+  // we redirect them to their intended destination.
+  useEffect(() => {
+    // Tasks can only exist on pending sessions, but we check both conditions
+    // here to be defensive and ensure proper redirection
+    const task = clerk.session?.currentTask;
+    if (!task || clerk.session?.status === 'active') {
+      if (ctx.redirectOnActiveSession?.current) {
+        void navigate(ctx.redirectUrlComplete);
+      }
+      return;
+    }
+
+    clerk.telemetry?.record(eventComponentMounted('SessionTask', { task: task.key }));
+  }, [clerk, currentPath, navigate, ctx.redirectUrlComplete, ctx.redirectOnActiveSession]);
+
+  if (!clerk.session?.currentTask && ctx.redirectOnActiveSession?.current) {
+    return (
+      <Card.Root>
+        <Card.Content sx={() => ({ flex: 1 })}>
+          <LoadingCardContainer />
+        </Card.Content>
+        <Card.Footer />
+      </Card.Root>
+    );
+  }
 
   return (
     <Flow.Root flow='tasks'>
@@ -68,6 +101,13 @@ function SessionTasksRoutes(): JSX.Element {
             <TaskResetPassword />
           </TaskResetPasswordContext.Provider>
         </Route>
+        <Route path={INTERNAL_SESSION_TASK_ROUTE_BY_KEY['setup-mfa']}>
+          <TaskSetupMFAContext.Provider
+            value={{ componentName: 'TaskSetupMFA', redirectUrlComplete: ctx.redirectUrlComplete }}
+          >
+            <TaskSetupMFA />
+          </TaskSetupMFAContext.Provider>
+        </Route>
         <Route index>
           <SessionTasksStart />
         </Route>
@@ -84,44 +124,9 @@ type SessionTasksProps = {
  * @internal
  */
 export const SessionTasks = withCardStateProvider(({ redirectUrlComplete }: SessionTasksProps) => {
-  const clerk = useClerk();
-  const { navigate } = useRouter();
-
-  const currentTaskContainer = useRef<HTMLDivElement>(null);
-
-  // If there are no pending tasks, navigate away from the tasks flow.
-  // This handles cases where a user with an active session returns to the tasks URL,
-  // for example by using browser back navigation. Since there are no pending tasks,
-  // we redirect them to their intended destination.
-  useEffect(() => {
-    // Tasks can only exist on pending sessions, but we check both conditions
-    // here to be defensive and ensure proper redirection
-    const task = clerk.session?.currentTask;
-    if (!task || clerk.session?.status === 'active') {
-      void navigate(redirectUrlComplete);
-      return;
-    }
-
-    clerk.telemetry?.record(eventComponentMounted('SessionTask', { task: task.key }));
-  }, [clerk, navigate, redirectUrlComplete]);
-
-  if (!clerk.session?.currentTask) {
-    return (
-      <Card.Root
-        sx={() => ({
-          minHeight: currentTaskContainer ? currentTaskContainer.current?.offsetHeight : undefined,
-        })}
-      >
-        <Card.Content sx={() => ({ flex: 1 })}>
-          <LoadingCardContainer />
-        </Card.Content>
-        <Card.Footer />
-      </Card.Root>
-    );
-  }
-
+  const redirectOnActiveSessionRef = useRef<boolean>(true);
   return (
-    <SessionTasksContext.Provider value={{ redirectUrlComplete }}>
+    <SessionTasksContext.Provider value={{ redirectUrlComplete, redirectOnActiveSession: redirectOnActiveSessionRef }}>
       <SessionTasksRoutes />
     </SessionTasksContext.Provider>
   );
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SetupMfaStartScreen.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SetupMfaStartScreen.tsx
new file mode 100644
index 00000000000..b133b027c51
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SetupMfaStartScreen.tsx
@@ -0,0 +1,109 @@
+import type { VerificationStrategy } from '@clerk/shared/types';
+
+import { descriptors, Flex, Icon, type LocalizationKey, localizationKeys, Text } from '@/ui/customizables';
+import { Actions } from '@/ui/elements/Actions';
+import { Card } from '@/ui/elements/Card';
+import { useCardState, withCardStateProvider } from '@/ui/elements/contexts';
+import { Header } from '@/ui/elements/Header';
+import { PreviewButton } from '@/ui/elements/PreviewButton';
+import { AuthApp, Mobile } from '@/ui/icons';
+
+import { MFA_METHODS_TO_STEP } from './constants';
+import { SharedFooterActionForSignOut } from './shared';
+
+type SetupMfaStartScreenProps = {
+  availableMethods: VerificationStrategy[];
+  goToStep: (step: number) => void;
+};
+
+const METHOD_CONFIG: Record<'totp' | 'phone_code', { icon: JSX.Element; label: LocalizationKey }> = {
+  totp: {
+    icon: <Icon icon={AuthApp} />,
+    label: localizationKeys('taskSetupMfa.start.methodSelection.totp'),
+  },
+  phone_code: {
+    icon: <Icon icon={Mobile} />,
+    label: localizationKeys('taskSetupMfa.start.methodSelection.phoneCode'),
+  },
+};
+
+export const SetupMfaStartScreen = withCardStateProvider((props: SetupMfaStartScreenProps) => {
+  const { availableMethods, goToStep } = props;
+  const card = useCardState();
+
+  return (
+    <Card.Root>
+      <Card.Content sx={t => ({ padding: t.space.$none })}>
+        <Header.Root
+          showLogo
+          gap={4}
+          sx={t => ({
+            paddingTop: t.space.$8,
+            paddingLeft: t.space.$8,
+            paddingRight: t.space.$8,
+          })}
+        >
+          <Header.Title localizationKey={localizationKeys('taskSetupMfa.start.title')} />
+          <Header.Subtitle localizationKey={localizationKeys('taskSetupMfa.start.subtitle')} />
+        </Header.Root>
+        {card.error && (
+          <Flex sx={t => ({ paddingInline: t.space.$8 })}>
+            <Card.Alert>{card.error}</Card.Alert>
+          </Flex>
+        )}
+        <Actions
+          role='menu'
+          elementDescriptor={descriptors.taskSetupMfaMethodSelectionItems}
+          sx={t => ({
+            borderTopWidth: t.borderWidths.$normal,
+            borderTopStyle: t.borderStyles.$solid,
+            borderTopColor: t.colors.$borderAlpha100,
+          })}
+        >
+          {availableMethods.map(method => {
+            const methodConfig = METHOD_CONFIG[method as keyof typeof METHOD_CONFIG] ?? null;
+
+            if (!methodConfig) {
+              return null;
+            }
+
+            return (
+              <PreviewButton
+                elementDescriptor={descriptors.taskSetupMfaMethodSelectionItem}
+                hoverAsFocus
+                block
+                key={method}
+                onClick={() => {
+                  goToStep(MFA_METHODS_TO_STEP[method as keyof typeof MFA_METHODS_TO_STEP]);
+                }}
+              >
+                <Flex sx={t => ({ gap: t.space.$2, alignItems: 'center' })}>
+                  <Flex
+                    sx={t => ({
+                      borderRadius: t.radii.$circle,
+                      borderWidth: t.borderWidths.$normal,
+                      borderStyle: t.borderStyles.$solid,
+                      borderColor: t.colors.$avatarBorder,
+                      padding: t.space.$2,
+                      backgroundColor: t.colors.$neutralAlpha50,
+                    })}
+                  >
+                    {methodConfig.icon}
+                  </Flex>
+                  <Text
+                    variant='buttonLarge'
+                    localizationKey={methodConfig.label}
+                  />
+                </Flex>
+              </PreviewButton>
+            );
+          })}
+        </Actions>
+      </Card.Content>
+
+      <Card.Footer>
+        <SharedFooterActionForSignOut />
+      </Card.Footer>
+    </Card.Root>
+  );
+});
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SmsCodeFlowScreen.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SmsCodeFlowScreen.tsx
new file mode 100644
index 00000000000..25c09f08fd4
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SmsCodeFlowScreen.tsx
@@ -0,0 +1,435 @@
+import { useReverification, useUser } from '@clerk/shared/react';
+import type { PhoneNumberResource, UserResource } from '@clerk/shared/types';
+import React, { useMemo, useRef } from 'react';
+
+import { useWizard, Wizard } from '@/ui/common';
+import { MfaBackupCodeList } from '@/ui/components/UserProfile/MfaBackupCodeList';
+import { Button, Col, descriptors, Flex, Flow, localizationKeys, Text } from '@/ui/customizables';
+import { Action, Actions } from '@/ui/elements/Actions';
+import { Card } from '@/ui/elements/Card';
+import { useCardState, withCardStateProvider } from '@/ui/elements/contexts';
+import { Form } from '@/ui/elements/Form';
+import { FormButtonContainer } from '@/ui/elements/FormButtons';
+import { Header } from '@/ui/elements/Header';
+import { PreviewButton } from '@/ui/elements/PreviewButton';
+import { SuccessPage } from '@/ui/elements/SuccessPage';
+import { type VerificationCodeCardProps, VerificationCodeContent } from '@/ui/elements/VerificationCodeCard';
+import { Add } from '@/ui/icons';
+import { handleError } from '@/ui/utils/errorHandler';
+import { getFlagEmojiFromCountryIso, parsePhoneString, stringToFormattedPhoneString } from '@/ui/utils/phoneUtils';
+import { useFormControl } from '@/ui/utils/useFormControl';
+
+import { SharedFooterActionForSignOut } from './shared';
+
+type MFAVerifyPhoneForSessionTasksProps = {
+  resourceRef: React.MutableRefObject<PhoneNumberResource | undefined>;
+  onSuccess: () => void;
+  onReset: () => void;
+};
+
+export const getAvailablePhonesFromUser = (user: UserResource | undefined | null) => {
+  return (
+    user?.phoneNumbers.filter(phoneNumber => {
+      const hasOtherIdentifications =
+        user?.primaryEmailAddress !== null ||
+        user?.primaryWeb3Wallet !== null ||
+        user?.passkeys.length > 0 ||
+        user?.externalAccounts.length > 0 ||
+        user?.enterpriseAccounts.length > 0 ||
+        user?.username !== null;
+
+      if (phoneNumber.id === user?.primaryPhoneNumber?.id && !hasOtherIdentifications) {
+        return false;
+      }
+      return !phoneNumber.reservedForSecondFactor;
+    }) || []
+  );
+};
+
+const MFAVerifyPhoneForSessionTasks = withCardStateProvider((props: MFAVerifyPhoneForSessionTasksProps) => {
+  const { onSuccess, resourceRef, onReset } = props;
+  const card = useCardState();
+  const phone = resourceRef.current;
+  const setReservedForSecondFactor = useReverification(() => phone?.setReservedForSecondFactor({ reserved: true }));
+
+  const prepare = () => {
+    return resourceRef.current?.prepareVerification?.()?.catch(err => handleError(err, [], card.setError));
+  };
+
+  const enableMfa = async () => {
+    card.setLoading(phone?.id);
+    try {
+      const result = await setReservedForSecondFactor();
+      resourceRef.current = result;
+      onSuccess();
+    } catch (err) {
+      handleError(err as Error, [], card.setError);
+    } finally {
+      card.setIdle();
+    }
+  };
+
+  React.useEffect(() => {
+    void prepare();
+  }, []);
+
+  const action: VerificationCodeCardProps['onCodeEntryFinishedAction'] = (code, resolve, reject) => {
+    void resourceRef.current
+      ?.attemptVerification({ code: code })
+      .then(async () => {
+        await resolve();
+        await enableMfa();
+      })
+      .catch(reject);
+  };
+
+  return (
+    <Card.Content>
+      <VerificationCodeContent
+        cardTitle={localizationKeys('taskSetupMfa.smsCode.verifyPhone.title')}
+        cardSubtitle={localizationKeys('taskSetupMfa.smsCode.verifyPhone.subtitle')}
+        safeIdentifier={resourceRef.current?.phoneNumber || ''}
+        inputLabel={localizationKeys('taskSetupMfa.smsCode.verifyPhone.formTitle')}
+        resendButton={localizationKeys('taskSetupMfa.smsCode.verifyPhone.resendButton')}
+        badgeText={localizationKeys('taskSetupMfa.badge')}
+        onCodeEntryFinishedAction={action}
+        onResendCodeClicked={() => void prepare()}
+        onIdentityPreviewEditClicked={() => onReset()}
+        onBackLinkClicked={() => onReset()}
+        backLinkLabel={localizationKeys('taskSetupMfa.smsCode.cancel')}
+      />
+    </Card.Content>
+  );
+});
+
+type AddPhoneForSessionTasksProps = {
+  resourceRef: React.MutableRefObject<PhoneNumberResource | undefined>;
+  onSuccess: () => void;
+  onReset: () => void;
+};
+
+const AddPhoneForSessionTasks = withCardStateProvider((props: AddPhoneForSessionTasksProps) => {
+  const { resourceRef, onSuccess, onReset } = props;
+  const card = useCardState();
+  const { user } = useUser();
+  const createPhoneNumber = useReverification(
+    (user: UserResource, opt: Parameters<UserResource['createPhoneNumber']>[0]) => user.createPhoneNumber(opt),
+  );
+
+  const phoneField = useFormControl('phoneNumber', '', {
+    type: 'tel',
+    label: localizationKeys('formFieldLabel__phoneNumber'),
+    isRequired: true,
+  });
+
+  const canSubmit = phoneField.value.length > 1 && user?.username !== phoneField.value;
+
+  const addPhone = async (e: React.FormEvent) => {
+    e.preventDefault();
+    if (!user) {
+      return;
+    }
+    await card.runAsync(async () => {
+      try {
+        const res = await createPhoneNumber(user, { phoneNumber: phoneField.value });
+        resourceRef.current = res;
+        onSuccess();
+      } catch (e) {
+        handleError(e as Error, [phoneField], card.setError);
+      }
+    });
+  };
+
+  return (
+    <Card.Content>
+      <Header.Root
+        gap={4}
+        badgeText={localizationKeys('taskSetupMfa.badge')}
+      >
+        <Header.Title localizationKey={localizationKeys('taskSetupMfa.smsCode.addPhoneNumber')} />
+        <Header.Subtitle localizationKey={localizationKeys('taskSetupMfa.smsCode.addPhone.infoText')} />
+      </Header.Root>
+      <Card.Alert>{card.error}</Card.Alert>
+      <Form.Root onSubmit={addPhone}>
+        <Form.ControlRow elementId={phoneField.id}>
+          <Form.PhoneInput
+            {...phoneField.props}
+            // eslint-disable-next-line jsx-a11y/no-autofocus
+            autoFocus
+          />
+        </Form.ControlRow>
+        <FormButtonContainer
+          sx={theme => ({
+            flexDirection: 'column',
+            gap: theme.space.$4,
+          })}
+        >
+          <Form.SubmitButton
+            hasArrow
+            isDisabled={!canSubmit}
+            localizationKey={localizationKeys('taskSetupMfa.smsCode.addPhone.formButtonPrimary')}
+          />
+          <Form.ResetButton
+            localizationKey={localizationKeys('taskSetupMfa.smsCode.cancel')}
+            onClick={onReset}
+          />
+        </FormButtonContainer>
+      </Form.Root>
+    </Card.Content>
+  );
+});
+
+type SuccessScreenProps = {
+  resourceRef: React.MutableRefObject<PhoneNumberResource | undefined>;
+  onFinish: () => void;
+};
+
+const SuccessScreen = withCardStateProvider((props: SuccessScreenProps) => {
+  const { resourceRef, onFinish } = props;
+
+  return (
+    <Card.Content>
+      <SuccessPage
+        title={localizationKeys('taskSetupMfa.smsCode.success.title')}
+        subtitle={localizationKeys('taskSetupMfa.smsCode.success.message1')}
+        headerBadgeText={localizationKeys('taskSetupMfa.badge')}
+        onFinish={onFinish}
+        contents={
+          <MfaBackupCodeList
+            backupCodes={resourceRef.current?.backupCodes}
+            subtitle={localizationKeys('taskSetupMfa.smsCode.success.message2')}
+          />
+        }
+        finishLabel={localizationKeys('taskSetupMfa.smsCode.success.finishButton')}
+        finishButtonProps={{
+          block: true,
+          hasArrow: true,
+        }}
+      />
+    </Card.Content>
+  );
+});
+
+type PhoneItemProps = {
+  phone: PhoneNumberResource;
+  onSuccess: () => void;
+  onUnverifiedPhoneClick: (phone: PhoneNumberResource) => void;
+  resourceRef: React.MutableRefObject<PhoneNumberResource | undefined>;
+};
+
+const PhoneItem = ({ phone, onSuccess, onUnverifiedPhoneClick, resourceRef }: PhoneItemProps) => {
+  const card = useCardState();
+  const setReservedForSecondFactor = useReverification(() => phone.setReservedForSecondFactor({ reserved: true }));
+
+  const { iso } = parsePhoneString(phone.phoneNumber);
+  const flag = getFlagEmojiFromCountryIso(iso);
+  const formattedPhone = stringToFormattedPhoneString(phone.phoneNumber);
+
+  const handleSelect = async () => {
+    if (phone.verification.status !== 'verified') {
+      return onUnverifiedPhoneClick(phone);
+    }
+
+    card.setLoading(phone.id);
+    try {
+      const result = await setReservedForSecondFactor();
+      resourceRef.current = result;
+      onSuccess();
+    } catch (err) {
+      handleError(err as Error, [], card.setError);
+    } finally {
+      card.setIdle();
+    }
+  };
+
+  return (
+    <PreviewButton
+      isLoading={card.loadingMetadata === phone.id}
+      hoverAsFocus
+      block
+      elementDescriptor={descriptors.taskSetupMfaPhoneSelectionItem}
+      sx={t => ({
+        padding: `${t.space.$4} ${t.space.$6}`,
+      })}
+      onClick={() => void handleSelect()}
+    >
+      <Flex sx={t => ({ gap: t.space.$4, alignItems: 'center' })}>
+        <Text sx={t => ({ fontSize: t.fontSizes.$lg })}>{flag}</Text>
+        <Text variant='buttonLarge'>{formattedPhone}</Text>
+      </Flex>
+    </PreviewButton>
+  );
+};
+
+type SmsCodeScreenProps = {
+  onSuccess: () => void;
+  onReset: () => void;
+  onAddPhoneClick: () => void;
+  onUnverifiedPhoneClick: (phone: PhoneNumberResource) => void;
+  resourceRef: React.MutableRefObject<PhoneNumberResource | undefined>;
+  availablePhones: PhoneNumberResource[];
+};
+
+const SmsCodeScreen = withCardStateProvider((props: SmsCodeScreenProps) => {
+  const { onSuccess, onReset, onAddPhoneClick, onUnverifiedPhoneClick, resourceRef } = props;
+  const { user } = useUser();
+  const card = useCardState();
+
+  if (!user) {
+    return null;
+  }
+
+  const availablePhones = getAvailablePhonesFromUser(user);
+
+  return (
+    <Flow.Part part='phoneCode'>
+      <Card.Content sx={t => ({ padding: t.space.$none })}>
+        <Header.Root
+          showLogo
+          gap={4}
+          badgeText={localizationKeys('taskSetupMfa.badge')}
+          sx={t => ({
+            paddingTop: t.space.$8,
+            paddingInline: t.space.$8,
+          })}
+        >
+          <Header.Title localizationKey={localizationKeys('taskSetupMfa.smsCode.title')} />
+          <Header.Subtitle localizationKey={localizationKeys('taskSetupMfa.smsCode.subtitle')} />
+        </Header.Root>
+        {card.error && (
+          <Flex sx={t => ({ paddingInline: t.space.$8 })}>
+            <Card.Alert>{card.error}</Card.Alert>
+          </Flex>
+        )}
+        <Col>
+          <Actions
+            role='menu'
+            elementDescriptor={descriptors.taskSetupMfaPhoneSelectionItems}
+            sx={t => ({
+              borderTopWidth: t.borderWidths.$normal,
+              borderTopStyle: t.borderStyles.$solid,
+              borderTopColor: t.colors.$borderAlpha100,
+            })}
+          >
+            {availablePhones?.map(phone => (
+              <PhoneItem
+                key={phone.id}
+                phone={phone}
+                onSuccess={onSuccess}
+                onUnverifiedPhoneClick={onUnverifiedPhoneClick}
+                resourceRef={resourceRef}
+              />
+            ))}
+            <Action
+              hoverAsFocus
+              label={localizationKeys('taskSetupMfa.smsCode.addPhoneNumber')}
+              block
+              onClick={onAddPhoneClick}
+              icon={Add}
+              elementDescriptor={descriptors.taskSetupMfaPhoneSelectionAddPhoneAction}
+              sx={t => ({
+                borderTopWidth: t.borderWidths.$normal,
+                borderTopStyle: t.borderStyles.$solid,
+                borderTopColor: t.colors.$borderAlpha100,
+                padding: `${t.space.$4} ${t.space.$4}`,
+                gap: t.space.$2,
+              })}
+              iconSx={t => ({
+                width: t.sizes.$8,
+                height: t.sizes.$6,
+              })}
+            />
+          </Actions>
+          <Flex
+            justify='center'
+            sx={t => ({
+              borderTopWidth: t.borderWidths.$normal,
+              borderTopStyle: t.borderStyles.$solid,
+              borderTopColor: t.colors.$borderAlpha100,
+              padding: t.space.$4,
+            })}
+          >
+            <Button
+              variant='ghost'
+              onClick={onReset}
+              block
+              elementDescriptor={descriptors.formButtonReset}
+              localizationKey={localizationKeys('taskSetupMfa.smsCode.cancel')}
+            />
+          </Flex>
+        </Col>
+      </Card.Content>
+    </Flow.Part>
+  );
+});
+
+type SmsCodeFlowProps = {
+  onSuccess: () => void;
+  goToStartStep: () => void;
+};
+
+// This is the order of the steps in the wizard
+const STEPS = {
+  ADD_PHONE: 0,
+  VERIFY_PHONE: 1,
+  SELECT_PHONE: 2,
+  SUCCESS: 3,
+} as const;
+
+export const SmsCodeFlow = (props: SmsCodeFlowProps) => {
+  const { onSuccess, goToStartStep } = props;
+  const { user } = useUser();
+
+  const ref = useRef<PhoneNumberResource>();
+
+  const availablePhones = useMemo(() => {
+    if (!user) {
+      return [];
+    }
+    return getAvailablePhonesFromUser(user);
+  }, [user]);
+
+  const wizard = useWizard({ defaultStep: availablePhones.length > 0 ? STEPS.SELECT_PHONE : STEPS.ADD_PHONE });
+
+  return (
+    <Card.Root>
+      <Wizard
+        {...wizard.props}
+        animate={false}
+      >
+        {/* Step 0: Add new phone (default if no available phones) */}
+        <AddPhoneForSessionTasks
+          resourceRef={ref}
+          onSuccess={wizard.nextStep}
+          onReset={() => (availablePhones.length > 0 ? wizard.goToStep(STEPS.SELECT_PHONE) : goToStartStep())}
+        />
+        {/* Step 1: Verify phone */}
+        <MFAVerifyPhoneForSessionTasks
+          resourceRef={ref}
+          onSuccess={() => wizard.goToStep(STEPS.SUCCESS)}
+          onReset={() => wizard.goToStep(STEPS.ADD_PHONE)}
+        />
+        {/* Step 2: Phone selection (default if available phones) */}
+        <SmsCodeScreen
+          availablePhones={availablePhones}
+          onSuccess={wizard.nextStep}
+          onReset={goToStartStep}
+          onAddPhoneClick={() => wizard.goToStep(STEPS.ADD_PHONE)}
+          onUnverifiedPhoneClick={(phone: PhoneNumberResource) => {
+            ref.current = phone;
+            wizard.goToStep(STEPS.VERIFY_PHONE);
+          }}
+          resourceRef={ref}
+        />
+        {/* Step 3: Success with backup codes */}
+        <SuccessScreen
+          resourceRef={ref}
+          onFinish={onSuccess}
+        />
+      </Wizard>
+      <Card.Footer>
+        <SharedFooterActionForSignOut />
+      </Card.Footer>
+    </Card.Root>
+  );
+};
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/TOTPCodeFlowScreen.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/TOTPCodeFlowScreen.tsx
new file mode 100644
index 00000000000..26306cd7ecc
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/TOTPCodeFlowScreen.tsx
@@ -0,0 +1,285 @@
+import { isClerkRuntimeError } from '@clerk/shared/error';
+import { useReverification, useUser } from '@clerk/shared/react';
+import type { TOTPResource } from '@clerk/shared/types';
+import React, { useRef } from 'react';
+
+import { QRCode, useWizard, Wizard } from '@/ui/common';
+import { MfaBackupCodeList } from '@/ui/components/UserProfile/MfaBackupCodeList';
+import { Button, Col, descriptors, localizationKeys, Text } from '@/ui/customizables';
+import { Card } from '@/ui/elements/Card';
+import { ClipboardInput } from '@/ui/elements/ClipboardInput';
+import { useFieldOTP } from '@/ui/elements/CodeControl';
+import { useCardState, withCardStateProvider } from '@/ui/elements/contexts';
+import { Form } from '@/ui/elements/Form';
+import { FormButtonContainer } from '@/ui/elements/FormButtons';
+import { FormContainer } from '@/ui/elements/FormContainer';
+import { FullHeightLoader } from '@/ui/elements/FullHeightLoader';
+import { SuccessPage } from '@/ui/elements/SuccessPage';
+import { Check, ClipboardOutline } from '@/ui/icons';
+import { handleError } from '@/ui/utils/errorHandler';
+
+import { SharedFooterActionForSignOut } from './shared';
+
+type SuccessScreenProps = {
+  resourceRef: React.MutableRefObject<TOTPResource | undefined>;
+  onFinish: () => void;
+};
+
+type VerifyTOTPProps = {
+  onSuccess: () => void;
+  onReset: () => void;
+  resourceRef: React.MutableRefObject<TOTPResource | undefined>;
+};
+
+type AddAuthenticatorAppProps = {
+  onSuccess: () => void;
+  onReset: () => void;
+};
+
+type DisplayFormat = 'qr' | 'uri';
+
+export const AddAuthenticatorApp = withCardStateProvider((props: AddAuthenticatorAppProps) => {
+  const { onSuccess, onReset } = props;
+  const { user } = useUser();
+  const card = useCardState();
+  const createTOTP = useReverification(() => user?.createTOTP());
+  const [totp, setTOTP] = React.useState<TOTPResource | undefined>(undefined);
+  const [displayFormat, setDisplayFormat] = React.useState<DisplayFormat>('qr');
+
+  React.useEffect(() => {
+    if (!user) {
+      return;
+    }
+
+    void createTOTP()
+      .then(totp => setTOTP(totp))
+      .catch(err => {
+        if (isClerkRuntimeError(err) && err.code === 'reverification_cancelled') {
+          return onReset();
+        }
+        return handleError(err, [], card.setError);
+      });
+  }, []);
+
+  return (
+    <FormContainer
+      gap={8}
+      headerTitle={localizationKeys('taskSetupMfa.totpCode.title')}
+      headerTitleTextVariant='h2'
+      headerSubtitle={
+        displayFormat === 'qr'
+          ? localizationKeys('taskSetupMfa.totpCode.addAuthenticatorApp.infoText__ableToScan')
+          : localizationKeys('taskSetupMfa.totpCode.addAuthenticatorApp.infoText__unableToScan')
+      }
+      badgeText={localizationKeys('taskSetupMfa.badge')}
+    >
+      {!totp && <FullHeightLoader />}
+
+      {totp && (
+        <>
+          <Col gap={4}>
+            {displayFormat === 'qr' && (
+              <QRCode
+                justify='center'
+                url={totp.uri || ''}
+              />
+            )}
+
+            {displayFormat === 'uri' && (
+              <>
+                <Text
+                  colorScheme='secondary'
+                  localizationKey={localizationKeys(
+                    'taskSetupMfa.totpCode.addAuthenticatorApp.inputLabel__unableToScan1',
+                  )}
+                />
+
+                <ClipboardInput
+                  value={totp.secret}
+                  copyIcon={ClipboardOutline}
+                  copiedIcon={Check}
+                />
+              </>
+            )}
+          </Col>
+          <Col
+            sx={theme => ({
+              gap: theme.space.$8,
+            })}
+          >
+            {displayFormat === 'qr' && (
+              <Button
+                variant='outline'
+                textVariant='buttonLarge'
+                onClick={() => setDisplayFormat('uri')}
+                localizationKey={localizationKeys(
+                  'taskSetupMfa.totpCode.addAuthenticatorApp.buttonUnableToScan__nonPrimary',
+                )}
+              />
+            )}
+            {displayFormat === 'uri' && (
+              <Button
+                variant='outline'
+                block
+                textVariant='buttonLarge'
+                onClick={() => setDisplayFormat('qr')}
+                localizationKey={localizationKeys(
+                  'taskSetupMfa.totpCode.addAuthenticatorApp.buttonAbleToScan__nonPrimary',
+                )}
+              />
+            )}
+            <FormButtonContainer
+              sx={theme => ({
+                flexDirection: 'column',
+                gap: theme.space.$4,
+              })}
+            >
+              <Button
+                block
+                onClick={onSuccess}
+                hasArrow
+                localizationKey={localizationKeys('taskSetupMfa.totpCode.addAuthenticatorApp.formButtonPrimary')}
+                elementDescriptor={descriptors.formButtonPrimary}
+              />
+
+              <Button
+                block
+                variant='ghost'
+                onClick={onReset}
+                localizationKey={localizationKeys('taskSetupMfa.totpCode.addAuthenticatorApp.formButtonReset')}
+                elementDescriptor={descriptors.formButtonReset}
+              />
+            </FormButtonContainer>
+          </Col>
+        </>
+      )}
+    </FormContainer>
+  );
+});
+
+export const VerifyTOTP = withCardStateProvider((props: VerifyTOTPProps) => {
+  const { onSuccess, onReset, resourceRef } = props;
+  const { user } = useUser();
+
+  const otp = useFieldOTP<TOTPResource>({
+    onCodeEntryFinished: (code, resolve, reject) => {
+      user
+        ?.verifyTOTP({ code })
+        .then((totp: TOTPResource) => resolve(totp))
+        .catch(reject);
+    },
+    onResolve: a => {
+      resourceRef.current = a;
+      onSuccess();
+    },
+  });
+
+  return (
+    <FormContainer
+      gap={8}
+      headerTitle={localizationKeys('taskSetupMfa.totpCode.verifyTotp.title')}
+      headerTitleTextVariant='h2'
+      headerSubtitle={localizationKeys('taskSetupMfa.totpCode.verifyTotp.subtitle')}
+      badgeText={localizationKeys('taskSetupMfa.badge')}
+    >
+      <Col>
+        <Form.OTPInput
+          {...otp}
+          label={localizationKeys('taskSetupMfa.totpCode.verifyTotp.formTitle')}
+          description={localizationKeys('taskSetupMfa.totpCode.verifyTotp.subtitle')}
+        />
+      </Col>
+
+      <FormButtonContainer
+        sx={theme => ({
+          flexDirection: 'column',
+          gap: theme.space.$4,
+        })}
+      >
+        <Button
+          onClick={() => otp.onFakeContinue()}
+          isDisabled={otp.isLoading}
+          hasArrow
+          block
+          localizationKey={localizationKeys('taskSetupMfa.totpCode.verifyTotp.formButtonPrimary')}
+          elementDescriptor={descriptors.formButtonPrimary}
+        />
+        <Button
+          onClick={() => onReset?.()}
+          variant='ghost'
+          block
+          isDisabled={otp.isLoading}
+          localizationKey={localizationKeys('taskSetupMfa.totpCode.verifyTotp.formButtonReset')}
+          elementDescriptor={descriptors.formButtonReset}
+        />
+      </FormButtonContainer>
+    </FormContainer>
+  );
+});
+
+const SuccessScreen = withCardStateProvider((props: SuccessScreenProps) => {
+  const { resourceRef, onFinish } = props;
+
+  return (
+    <SuccessPage
+      title={localizationKeys('taskSetupMfa.totpCode.success.title')}
+      subtitle={localizationKeys('taskSetupMfa.totpCode.success.message1')}
+      headerBadgeText={localizationKeys('taskSetupMfa.badge')}
+      onFinish={onFinish}
+      contents={
+        <MfaBackupCodeList
+          backupCodes={resourceRef.current?.backupCodes}
+          subtitle={localizationKeys('taskSetupMfa.totpCode.success.message2')}
+        />
+      }
+      finishLabel={localizationKeys('taskSetupMfa.totpCode.success.finishButton')}
+      finishButtonProps={{
+        block: true,
+        hasArrow: true,
+      }}
+    />
+  );
+});
+
+type TOTPCodeFlowProps = {
+  onSuccess: () => void;
+  goToStartStep: () => void;
+};
+
+export const TOTPCodeFlow = withCardStateProvider((props: TOTPCodeFlowProps) => {
+  const { onSuccess, goToStartStep } = props;
+
+  const ref = useRef<TOTPResource>();
+  const wizard = useWizard({ defaultStep: 0 });
+
+  return (
+    <Card.Root>
+      <Card.Content>
+        <Wizard
+          {...wizard.props}
+          animate={false}
+        >
+          {/* Step 0: Add new authenticator app (default if no available authenticator apps) */}
+          <AddAuthenticatorApp
+            onSuccess={() => wizard.goToStep(1)}
+            onReset={goToStartStep}
+          />
+          {/* Step 1: Verify TOTP */}
+          <VerifyTOTP
+            onSuccess={() => wizard.goToStep(2)}
+            onReset={() => wizard.goToStep(0)}
+            resourceRef={ref}
+          />
+          {/* Step 2: Success with backup codes */}
+          <SuccessScreen
+            resourceRef={ref}
+            onFinish={onSuccess}
+          />
+        </Wizard>
+      </Card.Content>
+      <Card.Footer>
+        <SharedFooterActionForSignOut />
+      </Card.Footer>
+    </Card.Root>
+  );
+});
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/__tests__/TaskSetupMfa.test.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/__tests__/TaskSetupMfa.test.tsx
new file mode 100644
index 00000000000..494a4c7509a
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/__tests__/TaskSetupMfa.test.tsx
@@ -0,0 +1,918 @@
+import { ClerkAPIResponseError } from '@clerk/shared/error';
+import type { PhoneNumberResource, TOTPResource } from '@clerk/shared/types';
+import { describe, expect, it, test, vi } from 'vitest';
+
+import { bindCreateFixtures } from '@/test/create-fixtures';
+import { act, render, screen, waitFor } from '@/test/utils';
+
+import { TaskSetupMFA } from '../index';
+
+const { createFixtures } = bindCreateFixtures('TaskSetupMFA');
+
+describe('TaskSetupMFA', () => {
+  describe('task guard', () => {
+    it('does not render component without existing session task', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+        });
+        f.withAuthenticatorApp();
+      });
+
+      const { queryByText, queryByRole } = render(<TaskSetupMFA />, { wrapper });
+
+      expect(queryByText('Set up two-step verification')).not.toBeInTheDocument();
+      expect(queryByRole('link', { name: /sign out/i })).not.toBeInTheDocument();
+    });
+
+    it('renders component when session task exists', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { queryByText, queryByRole } = render(<TaskSetupMFA />, { wrapper });
+
+      expect(queryByText('Set up two-step verification')).toBeInTheDocument();
+      expect(queryByRole('link', { name: /sign out/i })).toBeInTheDocument();
+    });
+  });
+
+  describe('main flow', () => {
+    it('should render SMS code and TOTP items on the first screen if both are enabled', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { getByRole } = render(<TaskSetupMFA />, { wrapper });
+
+      expect(getByRole('button', { name: /authenticator application/i })).toBeInTheDocument();
+      expect(getByRole('button', { name: /sms code/i })).toBeInTheDocument();
+    });
+
+    it('should skip selection screen and go directly to SMS code flow when only SMS code is enabled', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { findByText, queryByText } = render(<TaskSetupMFA />, { wrapper });
+
+      await findByText(/add phone number/i);
+      expect(queryByText(/set up two-step verification/i)).not.toBeInTheDocument();
+    });
+
+    it('should skip selection screen and go directly to TOTP flow when only TOTP is enabled', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      const { findByText, queryByText } = render(<TaskSetupMFA />, { wrapper });
+
+      await findByText(/add authenticator application/i);
+      expect(queryByText(/set up two-step verification/i)).not.toBeInTheDocument();
+    });
+  });
+  describe('authenticator application', () => {
+    it('should render the initial screen with the qr code', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+      await findByText(/scan the following QR code/i);
+      expect(getByRole('button', { name: /can't scan qr code/i })).toBeInTheDocument();
+    });
+
+    test('clicking the "cant scan qr code" button should render the screen with the uri', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      const { getByRole, findByText, userEvent, queryByText } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /can't scan qr code/i }));
+      });
+
+      await findByText(/Set up a new sign-in method in your authenticator and enter the Key provided below/i);
+      expect(queryByText(/scan the following QR code/i)).not.toBeInTheDocument();
+      expect(getByRole('button', { name: /scan qr code instead/i })).toBeInTheDocument();
+    });
+
+    test('clicking continue button should navigate to the verification screen', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      const { getByRole, findByText, findByLabelText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /continue/i }));
+      });
+
+      await findByText(/enter verification code generated by your authenticator/i);
+      await findByLabelText(/verification code/i);
+    });
+
+    test('completing TOTP verification should show success screen with backup codes', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withBackupCode();
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      fixtures.clerk.user?.verifyTOTP.mockResolvedValue({
+        backupCodes: ['code1', 'code2', 'code3'],
+      } as TOTPResource);
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /continue/i }));
+      });
+
+      await findByText(/enter verification code generated by your authenticator/i);
+
+      await userEvent.type(screen.getByLabelText(/verification code/i), '123456');
+
+      await waitFor(() => {
+        expect(fixtures.clerk.user?.verifyTOTP).toHaveBeenCalledWith({ code: '123456' });
+      });
+
+      await findByText(/authenticator application verification enabled/i);
+      await findByText(/save these backup codes/i);
+    });
+
+    test('completing TOTP verification should show simple success screen when backup codes are not enabled', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      fixtures.clerk.user?.verifyTOTP.mockResolvedValue({} as TOTPResource);
+
+      const { getByRole, findByText, queryByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /continue/i }));
+      });
+
+      await findByText(/enter verification code generated by your authenticator/i);
+
+      await userEvent.type(screen.getByLabelText(/verification code/i), '123456');
+
+      await waitFor(() => {
+        expect(fixtures.clerk.user?.verifyTOTP).toHaveBeenCalledWith({ code: '123456' });
+      });
+
+      await findByText(/authenticator application verification enabled/i);
+      expect(queryByText(/save these backup codes/i)).not.toBeInTheDocument();
+    });
+
+    test('clicking "scan qr code instead" should switch back from URI view to QR code', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      const { getByRole, findByText, queryByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      // Switch to URI view
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /can't scan qr code/i }));
+      });
+
+      await findByText(/Set up a new sign-in method in your authenticator and enter the Key provided below/i);
+      expect(queryByText(/scan the following QR code/i)).not.toBeInTheDocument();
+
+      // Switch back to QR code view
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /scan qr code instead/i }));
+      });
+
+      await findByText(/scan the following QR code/i);
+      expect(
+        queryByText(/Set up a new sign-in method in your authenticator and enter the Key provided below/i),
+      ).not.toBeInTheDocument();
+      expect(getByRole('button', { name: /can't scan qr code/i })).toBeInTheDocument();
+    });
+
+    it('should navigate back to main selection when clicking cancel from TOTP flow', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /cancel/i }));
+      });
+
+      // Should be back on main selection screen
+      expect(getByRole('button', { name: /authenticator application/i })).toBeInTheDocument();
+      expect(getByRole('button', { name: /sms code/i })).toBeInTheDocument();
+    });
+
+    it('should display error when createTOTP fails', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockRejectedValueOnce(
+        new ClerkAPIResponseError('Error', {
+          data: [
+            {
+              code: 'totp_already_enabled',
+              long_message: 'TOTP is already enabled for this user',
+              message: 'TOTP already enabled',
+              meta: {},
+            },
+          ],
+          status: 422,
+        }),
+      );
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/TOTP is already enabled for this user/i);
+    });
+
+    it('should display error when verifyTOTP fails with incorrect code', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createTOTP.mockResolvedValue({
+        uri: 'otpauth://totp/Test:test@clerk.com?secret=TESTSECRET&issuer=Test',
+        secret: 'TESTSECRET',
+      } as TOTPResource);
+
+      fixtures.clerk.user?.verifyTOTP.mockRejectedValueOnce(
+        new ClerkAPIResponseError('Error', {
+          data: [
+            {
+              code: 'form_code_incorrect',
+              long_message: 'Incorrect authenticator code',
+              message: 'is incorrect',
+              meta: { param_name: 'code' },
+            },
+          ],
+          status: 422,
+        }),
+      );
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /authenticator application/i }));
+      });
+
+      await findByText(/add authenticator application/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /continue/i }));
+      });
+
+      await findByText(/enter verification code generated by your authenticator/i);
+
+      await userEvent.type(screen.getByLabelText(/verification code/i), '123456');
+
+      await waitFor(() => {
+        expect(fixtures.clerk.user?.verifyTOTP).toHaveBeenCalledWith({ code: '123456' });
+      });
+
+      expect(await screen.findByTestId('form-feedback-error')).toHaveTextContent(/Incorrect authenticator code/i);
+    });
+  });
+
+  describe('sms code', () => {
+    it('should render the phone selection screen when clicking SMS code button', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [{ phone_number: '+306911111111', id: 'phone_1' }],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+      await findByText(/choose phone number you want to use/i);
+      await findByText(/\+30 691 1111111/i);
+      expect(getByRole('menuitem', { name: /add phone number/i })).toBeInTheDocument();
+    });
+
+    it('should show add phone screen when no existing phone numbers', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add phone number/i);
+      await findByText(/a text message containing a verification code/i);
+    });
+
+    it('clicking add phone number should navigate to add phone screen', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [{ phone_number: '+306911111111', id: 'phone_1' }],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('menuitem', { name: /add phone number/i }));
+      });
+
+      await findByText(/add phone number/i);
+      await findByText(/a text message containing a verification code/i);
+    });
+
+    test('completing SMS code verification should show success screen with backup codes', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'phone_1',
+              verification: { status: 'verified', strategy: 'phone_code' },
+            },
+          ],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withBackupCode();
+      });
+
+      fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor.mockResolvedValue({
+        backupCodes: ['code1', 'code2', 'code3'],
+      } as PhoneNumberResource);
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /\+30 691 1111111/i }));
+      });
+
+      expect(fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor).toHaveBeenCalledWith({
+        reserved: true,
+      });
+
+      await findByText(/sms code verification enabled/i);
+      await findByText(/save these backup codes/i);
+    });
+
+    test('completing SMS code verification should show simple success screen when backup codes are not enabled', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'phone_1',
+              verification: { status: 'verified', strategy: 'phone_code' },
+            },
+          ],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor.mockResolvedValue({} as PhoneNumberResource);
+
+      const { getByRole, findByText, queryByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /\+30 691 1111111/i }));
+      });
+
+      expect(fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor).toHaveBeenCalledWith({
+        reserved: true,
+      });
+
+      await findByText(/sms code verification enabled/i);
+      expect(queryByText(/save these backup codes/i)).not.toBeInTheDocument();
+    });
+
+    it('should not display phones already reserved for 2FA', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'phone_1',
+              verification: { status: 'verified', strategy: 'phone_code' },
+              reserved_for_second_factor: true,
+            },
+            {
+              phone_number: '+306922222222',
+              id: 'phone_2',
+              verification: { status: 'verified', strategy: 'phone_code' },
+              reserved_for_second_factor: false,
+            },
+          ],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const { getByRole, findByText, queryByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      // Phone already reserved for 2FA should not be shown
+      expect(queryByText(/\+30 691 1111111/i)).not.toBeInTheDocument();
+      // Phone not reserved should be shown
+      await findByText(/\+30 692 2222222/i);
+    });
+
+    it('should navigate back to main selection when clicking cancel from SMS code flow', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [{ phone_number: '+306911111111', id: 'phone_1' }],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withAuthenticatorApp({ enabled: true });
+      });
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /cancel/i }));
+      });
+
+      // Should be back on main selection screen
+      expect(getByRole('button', { name: /authenticator application/i })).toBeInTheDocument();
+      expect(getByRole('button', { name: /sms code/i })).toBeInTheDocument();
+    });
+
+    it('should display error when setReservedForSecondFactor fails', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'phone_1',
+              verification: { status: 'verified', strategy: 'phone_code' },
+            },
+          ],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor.mockRejectedValueOnce(
+        new ClerkAPIResponseError('Error', {
+          data: [
+            {
+              code: 'identification_update_failed',
+              long_message: 'You cannot set your last identification as second factor.',
+              message: 'Update failed',
+              meta: {},
+            },
+          ],
+          status: 422,
+        }),
+      );
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /\+30 691 1111111/i }));
+      });
+
+      expect(fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor).toHaveBeenCalledWith({
+        reserved: true,
+      });
+
+      await findByText(/You cannot set your last identification as second factor/i);
+    });
+
+    it('should allow adding a new phone number and navigate to verification', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      const mockPhoneResource = {
+        id: 'phone_new',
+        phoneNumber: '+16505551234',
+        prepareVerification: vi.fn().mockResolvedValue({}),
+      } as unknown as PhoneNumberResource;
+
+      fixtures.clerk.user?.createPhoneNumber.mockResolvedValue(mockPhoneResource);
+
+      const { getByRole, findByText, getByLabelText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      // Should go directly to add phone screen since user has no phones
+      await findByText(/add phone number/i);
+
+      await userEvent.type(getByLabelText(/phone number/i), '6505551234');
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /continue/i }));
+      });
+
+      expect(fixtures.clerk.user?.createPhoneNumber).toHaveBeenCalledWith({
+        phoneNumber: expect.stringContaining('6505551234'),
+      });
+
+      // Should navigate to verification screen
+      await findByText(/enter the verification code/i);
+    });
+
+    it('should display error when createPhoneNumber fails', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.createPhoneNumber.mockRejectedValueOnce(
+        new ClerkAPIResponseError('Error', {
+          data: [
+            {
+              code: 'phone_number_exists',
+              long_message: 'This phone number is already associated with another account.',
+              message: 'Phone number exists',
+              meta: {},
+            },
+          ],
+          status: 422,
+        }),
+      );
+
+      const { getByRole, findByText, getByLabelText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add phone number/i);
+
+      await userEvent.type(getByLabelText(/phone number/i), '6505551234');
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /continue/i }));
+      });
+
+      await findByText(/This phone number is already associated with another account/i);
+    });
+
+    it('should verify phone with code and show success', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'phone_1',
+              verification: { status: 'unverified', strategy: 'phone_code' },
+            },
+          ],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.phoneNumbers[0].prepareVerification.mockResolvedValue({} as PhoneNumberResource);
+      fixtures.clerk.user?.phoneNumbers[0].attemptVerification.mockResolvedValue({} as PhoneNumberResource);
+      fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor.mockResolvedValue({} as PhoneNumberResource);
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      // Click unverified phone to go to verification
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /\+30 691 1111111/i }));
+      });
+
+      await findByText(/enter the verification code/i);
+
+      // Enter verification code
+      await userEvent.type(screen.getByLabelText(/verification code/i), '123456');
+
+      await waitFor(() => {
+        expect(fixtures.clerk.user?.phoneNumbers[0].attemptVerification).toHaveBeenCalledWith({ code: '123456' });
+      });
+
+      await waitFor(() => {
+        expect(fixtures.clerk.user?.phoneNumbers[0].setReservedForSecondFactor).toHaveBeenCalledWith({
+          reserved: true,
+        });
+      });
+
+      await findByText(/sms code verification enabled/i);
+    });
+
+    it('should display error when phone verification code is incorrect', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          identifier: 'test@clerk.com',
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'phone_1',
+              verification: { status: 'unverified', strategy: 'phone_code' },
+            },
+          ],
+          tasks: [{ key: 'setup-mfa' }],
+        });
+        f.withAuthenticatorApp({ enabled: true });
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+      });
+
+      fixtures.clerk.user?.phoneNumbers[0].prepareVerification.mockResolvedValue({} as PhoneNumberResource);
+      fixtures.clerk.user?.phoneNumbers[0].attemptVerification.mockRejectedValueOnce(
+        new ClerkAPIResponseError('Error', {
+          data: [
+            {
+              code: 'form_code_incorrect',
+              long_message: 'Incorrect phone code',
+              message: 'is incorrect',
+              meta: { param_name: 'code' },
+            },
+          ],
+          status: 422,
+        }),
+      );
+
+      const { getByRole, findByText, userEvent } = render(<TaskSetupMFA />, { wrapper });
+
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /sms code/i }));
+      });
+
+      await findByText(/add sms code verification/i);
+
+      // Click unverified phone to go to verification
+      await act(async () => {
+        await userEvent.click(getByRole('button', { name: /\+30 691 1111111/i }));
+      });
+
+      await findByText(/enter the verification code/i);
+
+      // Enter incorrect verification code
+      await userEvent.type(screen.getByLabelText(/verification code/i), '000000');
+
+      await waitFor(() => {
+        expect(fixtures.clerk.user?.phoneNumbers[0].attemptVerification).toHaveBeenCalledWith({ code: '000000' });
+      });
+
+      expect(await screen.findByTestId('form-feedback-error')).toHaveTextContent(/Incorrect phone code/i);
+    });
+  });
+});
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/constants.ts b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/constants.ts
new file mode 100644
index 00000000000..09f742dd531
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/constants.ts
@@ -0,0 +1,4 @@
+export const MFA_METHODS_TO_STEP: Record<'phone_code' | 'totp', number> = {
+  phone_code: 1,
+  totp: 2,
+};
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/index.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/index.tsx
new file mode 100644
index 00000000000..fdfa8d65325
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/index.tsx
@@ -0,0 +1,107 @@
+import { useClerk, useSession, useUser } from '@clerk/shared/react';
+import { useEffect, useMemo } from 'react';
+
+import { useWizard, Wizard } from '@/ui/common';
+import { useEnvironment, withCoreSessionSwitchGuard } from '@/ui/contexts';
+import { useSessionTasksContext, useTaskSetupMFAContext } from '@/ui/contexts/components/SessionTasks';
+import { Flow } from '@/ui/customizables';
+import { withCardStateProvider } from '@/ui/elements/contexts';
+import { getSecondFactorsAvailableToAdd } from '@/ui/utils/mfa';
+
+import { withTaskGuardOnlyOnMount } from '../shared';
+import { SetupMfaStartScreen } from './SetupMfaStartScreen';
+import { SmsCodeFlow } from './SmsCodeFlowScreen';
+import { TOTPCodeFlow } from './TOTPCodeFlowScreen';
+
+const WIZARD_STEPS = {
+  start: 0,
+  phoneCode: 1,
+  totp: 2,
+} as const;
+
+const TaskSetupMFAInternal = () => {
+  const clerk = useClerk();
+  const { user } = useUser();
+  const { session } = useSession();
+  const {
+    userSettings: { attributes },
+  } = useEnvironment();
+
+  const secondFactorsAvailableToAdd = useMemo(() => {
+    const availableMethods = user ? getSecondFactorsAvailableToAdd(attributes, user) : [];
+
+    if (!user?.enterpriseAccounts || user.enterpriseAccounts.length === 0) {
+      return availableMethods;
+    }
+
+    const firstEnterpriseConnection = user?.enterpriseAccounts[0];
+
+    return availableMethods.filter(method => {
+      if (method === 'phone_code') {
+        return firstEnterpriseConnection?.enterpriseConnection?.disableAdditionalIdentifications === false;
+      }
+      return true;
+    });
+  }, [attributes, user]);
+
+  const defaultStep =
+    secondFactorsAvailableToAdd.indexOf('phone_code') > -1 ? WIZARD_STEPS.phoneCode : WIZARD_STEPS.totp;
+  const wizard = useWizard({
+    defaultStep: secondFactorsAvailableToAdd.length > 1 ? WIZARD_STEPS.start : defaultStep,
+  });
+  const { redirectUrlComplete } = useTaskSetupMFAContext();
+  const { navigateOnSetActive, redirectOnActiveSession } = useSessionTasksContext();
+
+  const handleSuccess = async () => {
+    if (redirectOnActiveSession) {
+      redirectOnActiveSession.current = false;
+    }
+    await clerk.setActive({
+      session: session?.id,
+      navigate: async ({ session }) => {
+        await navigateOnSetActive?.({ session, redirectUrlComplete });
+      },
+    });
+  };
+
+  // For this task we should not redirect to the redirectUrlComplete even if the session is active.
+  // This needed because we want the user to explicitly click the to go the the next page because they
+  // need to see the backups codes.
+  useEffect(() => {
+    if (redirectOnActiveSession) {
+      redirectOnActiveSession.current = false;
+    }
+  }, [redirectOnActiveSession]);
+
+  return (
+    <Flow.Root flow='taskSetupMfa'>
+      <Wizard
+        {...wizard.props}
+        animate={false}
+      >
+        <Flow.Part part='methodSelectionMFA'>
+          <SetupMfaStartScreen
+            availableMethods={secondFactorsAvailableToAdd}
+            goToStep={wizard.goToStep}
+          />
+        </Flow.Part>
+        <Flow.Part part='phoneCode2Fa'>
+          <SmsCodeFlow
+            onSuccess={handleSuccess}
+            goToStartStep={() => wizard.goToStep(0)}
+          />
+        </Flow.Part>
+        <Flow.Part part='totp2Fa'>
+          <TOTPCodeFlow
+            onSuccess={handleSuccess}
+            goToStartStep={() => wizard.goToStep(0)}
+          />
+        </Flow.Part>
+      </Wizard>
+    </Flow.Root>
+  );
+};
+
+export const TaskSetupMFA = withCoreSessionSwitchGuard(
+  withTaskGuardOnlyOnMount(withCardStateProvider(TaskSetupMFAInternal), 'setup-mfa'),
+);
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/shared.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/shared.tsx
new file mode 100644
index 00000000000..e3090dd25f4
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/shared.tsx
@@ -0,0 +1,56 @@
+import { useClerk, useSession, useUser } from '@clerk/shared/react';
+import type { UserResource } from '@clerk/shared/types';
+import React from 'react';
+
+import { useSignOutContext } from '@/ui/contexts';
+import { localizationKeys } from '@/ui/customizables';
+import { Card } from '@/ui/elements/Card';
+import { useMultipleSessions } from '@/ui/hooks/useMultipleSessions';
+import { stringToFormattedPhoneString } from '@/ui/utils/phoneUtils';
+
+export const commonIdentifier = (user: UserResource) => {
+  const formattedPhoneNumber = user.primaryPhoneNumber?.phoneNumber
+    ? stringToFormattedPhoneString(user.primaryPhoneNumber?.phoneNumber)
+    : null;
+  return user.primaryEmailAddress?.emailAddress ?? user.username ?? formattedPhoneNumber;
+};
+
+export function SharedFooterActionForSignOut() {
+  const { user } = useUser();
+  const clerk = useClerk();
+  const { session } = useSession();
+  const { otherSessions } = useMultipleSessions({ user });
+  const { navigateAfterSignOut, navigateAfterMultiSessionSingleSignOutUrl } = useSignOutContext();
+
+  const handleSignOut = () => {
+    if (otherSessions.length === 0) {
+      return clerk.signOut(navigateAfterSignOut);
+    }
+    return clerk.signOut(navigateAfterMultiSessionSingleSignOutUrl, { sessionId: session?.id });
+  };
+
+  const identifier = React.useMemo(() => (user ? commonIdentifier(user) : null), [user]);
+
+  return (
+    <Card.Action
+      elementId='signOut'
+      gap={4}
+      justify='center'
+      sx={() => ({ width: '100%' })}
+    >
+      {identifier && (
+        <Card.ActionText
+          truncate
+          localizationKey={localizationKeys('taskSetupMfa.signOut.actionText', {
+            identifier,
+          })}
+        />
+      )}
+      <Card.ActionLink
+        sx={() => ({ flexShrink: 0 })}
+        onClick={() => void handleSignOut()}
+        localizationKey={localizationKeys('taskSetupMfa.signOut.actionLink')}
+      />
+    </Card.Action>
+  );
+}
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts b/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts
index c78a073ba17..504f7d7143e 100644
--- a/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts
@@ -1 +1,2 @@
 export { withTaskGuard } from './withTaskGuard';
+export { withTaskGuardOnlyOnMount } from './withTaskGuardOnlyOnMount';
diff --git a/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuardOnlyOnMount.tsx b/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuardOnlyOnMount.tsx
new file mode 100644
index 00000000000..1052047564f
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuardOnlyOnMount.tsx
@@ -0,0 +1,67 @@
+import { isDevelopmentFromPublishableKey } from '@clerk/shared/keys';
+import { useClerk } from '@clerk/shared/react';
+import type { SessionTask } from '@clerk/shared/types';
+import type { ComponentType } from 'react';
+import { useEffect, useRef } from 'react';
+
+import { warnings } from '@/core/warnings';
+import { useSessionTasksContext } from '@/ui/contexts/components/SessionTasks';
+import { useRouter } from '@/ui/router';
+import type { AvailableComponentProps } from '@/ui/types';
+
+/**
+ * Triggers a redirect if current task is not the given task key on initial mount only.
+ *
+ * Unlike the standard withTaskGuard, this guard captures the redirect condition on mount
+ * and does not re-evaluate it on subsequent renders. This allows tasks like setup-mfa to continue
+ * to still show the success screen after the task is completed mid-flow.
+ *
+ * If there's a current session, it will redirect to the `redirectUrlComplete` prop.
+ * If there's no current session, it will redirect to the sign in URL.
+ *
+ * @internal
+ */
+export const withTaskGuardOnlyOnMount = <P extends AvailableComponentProps>(
+  Component: ComponentType<P>,
+  taskKey: SessionTask['key'],
+): ((props: P) => null | JSX.Element) => {
+  const displayName = Component.displayName || Component.name || 'Component';
+  Component.displayName = displayName;
+
+  const HOC = (props: P) => {
+    const ctx = useSessionTasksContext();
+    const clerk = useClerk();
+    const { navigate } = useRouter();
+
+    const shouldRedirectOnMount = useRef<boolean | null>(null);
+
+    if (shouldRedirectOnMount.current === null) {
+      shouldRedirectOnMount.current =
+        !clerk.session?.currentTask ||
+        (clerk.session.currentTask.key !== taskKey && !clerk.__internal_setActiveInProgress);
+    }
+
+    useEffect(() => {
+      if (shouldRedirectOnMount.current) {
+        if (isDevelopmentFromPublishableKey(clerk.publishableKey)) {
+          console.info(warnings.cannotRenderComponentWhenTaskDoesNotExist);
+        }
+        const redirectUrl = !clerk.session
+          ? clerk.buildSignInUrl()
+          : (ctx.redirectUrlComplete ?? clerk.buildAfterSignInUrl());
+        void navigate(redirectUrl);
+      }
+      // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, []);
+
+    if (shouldRedirectOnMount.current) {
+      return null;
+    }
+
+    return <Component {...props} />;
+  };
+
+  HOC.displayName = `withTaskGuardOnlyOnMount(${displayName})`;
+
+  return HOC;
+};
diff --git a/packages/clerk-js/src/ui/components/UserProfile/MfaSection.tsx b/packages/clerk-js/src/ui/components/UserProfile/MfaSection.tsx
index d1a7d9e787d..d5930c75b5b 100644
--- a/packages/clerk-js/src/ui/components/UserProfile/MfaSection.tsx
+++ b/packages/clerk-js/src/ui/components/UserProfile/MfaSection.tsx
@@ -20,7 +20,7 @@ import { defaultFirst, getSecondFactors, getSecondFactorsAvailableToAdd } from '
 
 export const MfaSection = () => {
   const {
-    userSettings: { attributes },
+    userSettings: { attributes, signUp },
   } = useEnvironment();
   const { user } = useUser();
   const [actionValue, setActionValue] = useState<string | null>(null);
@@ -34,12 +34,16 @@ export const MfaSection = () => {
 
   const showTOTP = secondFactors.includes('totp') && user.totpEnabled;
   const showBackupCode = secondFactors.includes('backup_code') && user.backupCodeEnabled;
+  const showPhoneCode = secondFactors.includes('phone_code');
 
   const mfaPhones = user.phoneNumbers
     .filter(ph => ph.verification.status === 'verified')
     .filter(ph => ph.reservedForSecondFactor)
     .sort(defaultFirst);
 
+  const hideTOTPDeleteAction = Boolean(signUp.mfa?.required && mfaPhones.length === 0);
+  const hidePhoneCodeDeleteAction = Boolean(signUp.mfa?.required && !showTOTP && mfaPhones.length === 1);
+
   return (
     <ProfileSection.Root
       title={localizationKeys('userProfile.start.mfaSection.title')}
@@ -68,7 +72,7 @@ export const MfaSection = () => {
                   <Badge localizationKey={localizationKeys('badge__default')} />
                 </Flex>
 
-                <MfaTOTPMenu />
+                {!hideTOTPDeleteAction && <MfaTOTPMenu />}
               </ProfileSection.Item>
 
               <Action.Open value='remove-totp'>
@@ -79,7 +83,7 @@ export const MfaSection = () => {
             </>
           )}
 
-          {secondFactors.includes('phone_code') &&
+          {showPhoneCode &&
             mfaPhones.map(phone => {
               const isDefault = !showTOTP && phone.defaultSecondFactor;
               const phoneId = phone.id;
@@ -102,7 +106,8 @@ export const MfaSection = () => {
 
                     <MfaPhoneCodeMenu
                       phone={phone}
-                      showTOTP={showTOTP}
+                      isDefault={isDefault}
+                      hidePhoneCodeDeleteAction={hidePhoneCodeDeleteAction}
                     />
                   </ProfileSection.Item>
 
@@ -153,30 +158,37 @@ export const MfaSection = () => {
 
 type MfaPhoneCodeMenuProps = {
   phone: PhoneNumberResource;
-  showTOTP: boolean;
+  isDefault: boolean;
+  hidePhoneCodeDeleteAction: boolean;
 };
 
-const MfaPhoneCodeMenu = ({ phone, showTOTP }: MfaPhoneCodeMenuProps) => {
+const MfaPhoneCodeMenu = ({ phone, isDefault, hidePhoneCodeDeleteAction }: MfaPhoneCodeMenuProps) => {
   const { open } = useActionContext();
   const card = useCardState();
   const phoneId = phone.id;
 
   const actions = (
     [
-      !showTOTP && !phone.defaultSecondFactor
+      !isDefault
         ? {
             label: localizationKeys('userProfile.start.mfaSection.phoneCode.actionLabel__setDefault'),
             onClick: () => phone.makeDefaultSecondFactor().catch(err => handleError(err, [], card.setError)),
           }
         : null,
-      {
-        label: localizationKeys('userProfile.start.mfaSection.phoneCode.destructiveActionLabel'),
-        isDestructive: true,
-        onClick: () => open(`remove-${phoneId}`),
-      },
+      !hidePhoneCodeDeleteAction
+        ? {
+            label: localizationKeys('userProfile.start.mfaSection.phoneCode.destructiveActionLabel'),
+            isDestructive: true,
+            onClick: () => open(`remove-${phoneId}`),
+          }
+        : null,
     ] satisfies (PropsOfComponent<typeof ThreeDotsMenu>['actions'][0] | null)[]
   ).filter(a => a !== null) as PropsOfComponent<typeof ThreeDotsMenu>['actions'];
 
+  if (actions.length === 0) {
+    return null;
+  }
+
   return <ThreeDotsMenu actions={actions} />;
 };
 
@@ -216,6 +228,24 @@ type MfaAddMenuProps = ProfileSectionActionMenuItemProps & {
   onClick?: () => void;
 };
 
+const strategiesMap = {
+  phone_code: {
+    icon: Mobile,
+    text: 'SMS code',
+    key: 'phone_code',
+  },
+  totp: {
+    icon: AuthApp,
+    text: 'Authenticator application',
+    key: 'totp',
+  },
+  backup_code: {
+    icon: DotCircle,
+    text: 'Backup code',
+    key: 'backup_code',
+  },
+} as const;
+
 const MfaAddMenu = (props: MfaAddMenuProps) => {
   const { open } = useActionContext();
   const { secondFactorsAvailableToAdd, onClick } = props;
@@ -225,27 +255,7 @@ const MfaAddMenu = (props: MfaAddMenuProps) => {
     () =>
       secondFactorsAvailableToAdd
         .map(key => {
-          if (key === 'phone_code') {
-            return {
-              icon: Mobile,
-              text: 'SMS code',
-              key: 'phone_code',
-            } as const;
-          } else if (key === 'totp') {
-            return {
-              icon: AuthApp,
-              text: 'Authenticator application',
-              key: 'totp',
-            } as const;
-          } else if (key === 'backup_code') {
-            return {
-              icon: DotCircle,
-              text: 'Backup code',
-              key: 'backup_code',
-            } as const;
-          }
-
-          return null;
+          return strategiesMap[key as keyof typeof strategiesMap] || null;
         })
         .filter(element => element !== null),
     [secondFactorsAvailableToAdd],
@@ -260,21 +270,18 @@ const MfaAddMenu = (props: MfaAddMenuProps) => {
             triggerLocalizationKey={localizationKeys('userProfile.start.mfaSection.primaryButton')}
             onClick={onClick}
           >
-            {strategies.map(
-              method =>
-                method && (
-                  <ProfileSection.ActionMenuItem
-                    key={method.key}
-                    id={method.key}
-                    localizationKey={method.text}
-                    leftIcon={method.icon}
-                    onClick={() => {
-                      setSelectedStrategy(method.key);
-                      open('multi-factor');
-                    }}
-                  />
-                ),
-            )}
+            {strategies.map(method => (
+              <ProfileSection.ActionMenuItem
+                key={method.key}
+                id={method.key}
+                localizationKey={method.text}
+                leftIcon={method.icon}
+                onClick={() => {
+                  setSelectedStrategy(method.key);
+                  open('multi-factor');
+                }}
+              />
+            ))}
           </ProfileSection.ActionMenu>
         </Action.Closed>
       )}
diff --git a/packages/clerk-js/src/ui/components/UserProfile/__tests__/MfaPage.test.tsx b/packages/clerk-js/src/ui/components/UserProfile/__tests__/MfaPage.test.tsx
index 3fa7152f9e2..ff6e64e3a85 100644
--- a/packages/clerk-js/src/ui/components/UserProfile/__tests__/MfaPage.test.tsx
+++ b/packages/clerk-js/src/ui/components/UserProfile/__tests__/MfaPage.test.tsx
@@ -386,4 +386,194 @@ describe('MfaPage', () => {
       });
     });
   });
+
+  describe('Hide delete actions when MFA is required', () => {
+    it('hides TOTP delete action when MFA is required and TOTP is the only second factor', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withAuthenticatorApp();
+        f.withMfaRequired(true);
+        f.withUser({
+          two_factor_enabled: true,
+          totp_enabled: true,
+        });
+      });
+
+      const { findByText } = render(
+        <CardStateProvider>
+          <MfaSection />
+        </CardStateProvider>,
+        { wrapper },
+      );
+
+      await findByText('Two-step verification');
+      await findByText(/Authenticator application/i);
+
+      const itemButton = (await findByText(/Authenticator application/i))?.parentElement?.parentElement?.children[1];
+      expect(itemButton).toBeUndefined();
+    });
+
+    it('shows TOTP delete action when MFA is required but phone_code is also available', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withAuthenticatorApp();
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withMfaRequired(true);
+        f.withUser({
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'id',
+              reserved_for_second_factor: true,
+              verification: { status: 'verified', strategy: 'phone_code' } as VerificationJSON,
+            },
+          ],
+          two_factor_enabled: true,
+          totp_enabled: true,
+        });
+      });
+
+      const { findByText } = render(
+        <CardStateProvider>
+          <MfaSection />
+        </CardStateProvider>,
+        { wrapper },
+      );
+
+      await findByText('Two-step verification');
+      await findByText(/Authenticator application/i);
+
+      const itemButton = (await findByText(/Authenticator application/i))?.parentElement?.parentElement?.children[1];
+      expect(itemButton).toBeDefined();
+    });
+
+    it('shows TOTP delete action when MFA is not required', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withAuthenticatorApp();
+        f.withMfaRequired(false);
+        f.withUser({
+          two_factor_enabled: true,
+          totp_enabled: true,
+        });
+      });
+
+      const { findByText } = render(
+        <CardStateProvider>
+          <MfaSection />
+        </CardStateProvider>,
+        { wrapper },
+      );
+
+      await findByText('Two-step verification');
+      await findByText(/Authenticator application/i);
+
+      const itemButton = (await findByText(/Authenticator application/i))?.parentElement?.parentElement?.children[1];
+      expect(itemButton).toBeDefined();
+    });
+
+    it('hides phone code delete action when it is the last one reserved for second factor and TOTP is not available', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withMfaRequired(true);
+        f.withUser({
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'id',
+              reserved_for_second_factor: true,
+              default_second_factor: true,
+              verification: { status: 'verified', strategy: 'phone_code' } as VerificationJSON,
+            },
+          ],
+          two_factor_enabled: true,
+        });
+      });
+
+      const { findByText } = render(
+        <CardStateProvider>
+          <MfaSection />
+        </CardStateProvider>,
+        { wrapper },
+      );
+
+      await findByText('Two-step verification');
+      await findByText(/\+30 691 1111111/i);
+
+      const itemButton = (await findByText(/\+30 691 1111111/i))?.parentElement?.parentElement?.parentElement
+        ?.children[1];
+
+      expect(itemButton).toBeUndefined();
+    });
+
+    it('shows phone code delete action when TOTP is also available', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withMfaRequired(true);
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withAuthenticatorApp();
+        f.withUser({
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'id',
+              reserved_for_second_factor: true,
+              verification: { status: 'verified', strategy: 'phone_code' } as VerificationJSON,
+            },
+          ],
+          two_factor_enabled: true,
+          totp_enabled: true,
+        });
+      });
+
+      const { findByText } = render(
+        <CardStateProvider>
+          <MfaSection />
+        </CardStateProvider>,
+        { wrapper },
+      );
+
+      await findByText('Two-step verification');
+      await findByText(/\+30 691 1111111/i);
+
+      const itemButton = (await findByText(/\+30 691 1111111/i))?.parentElement?.parentElement?.parentElement
+        ?.children[1];
+
+      expect(itemButton).toBeDefined();
+    });
+
+    it('shows phone code delete action when multiple phone numbers are registered', async () => {
+      const { wrapper } = await createFixtures(f => {
+        f.withPhoneNumber({ second_factors: ['phone_code'], used_for_second_factor: true });
+        f.withUser({
+          phone_numbers: [
+            {
+              phone_number: '+306911111111',
+              id: 'id1',
+              reserved_for_second_factor: true,
+              verification: { status: 'verified', strategy: 'phone_code' } as VerificationJSON,
+            },
+            {
+              phone_number: '+306922222222',
+              id: 'id2',
+              reserved_for_second_factor: true,
+              verification: { status: 'verified', strategy: 'phone_code' } as VerificationJSON,
+            },
+          ],
+          two_factor_enabled: true,
+        });
+      });
+
+      const { findByText } = render(
+        <CardStateProvider>
+          <MfaSection />
+        </CardStateProvider>,
+        { wrapper },
+      );
+
+      await findByText('Two-step verification');
+      await findByText(/\+30 691 1111111/i);
+
+      const itemButton = (await findByText(/\+30 691 1111111/i))?.parentElement?.parentElement?.parentElement
+        ?.children[1];
+
+      expect(itemButton).toBeDefined();
+    });
+  });
 });
diff --git a/packages/clerk-js/src/ui/components/UserProfile/utils.ts b/packages/clerk-js/src/ui/components/UserProfile/utils.ts
index e10993d2ba2..804efe568f9 100644
--- a/packages/clerk-js/src/ui/components/UserProfile/utils.ts
+++ b/packages/clerk-js/src/ui/components/UserProfile/utils.ts
@@ -1,10 +1,6 @@
-import type {
-  Attributes,
-  EmailAddressResource,
-  PhoneNumberResource,
-  UserResource,
-  Web3WalletResource,
-} from '@clerk/shared/types';
+import type { EmailAddressResource, PhoneNumberResource, Web3WalletResource } from '@clerk/shared/types';
+
+export { defaultFirst, getSecondFactors, getSecondFactorsAvailableToAdd } from '@/ui/utils/mfa';
 
 type IDable = { id: string };
 
@@ -14,36 +10,6 @@ export const primaryIdentificationFirst = (primaryId: string | null) => (val1: I
 
 export const currentSessionFirst = (id: string) => (a: IDable) => (a.id === id ? -1 : 1);
 
-export const defaultFirst = (a: PhoneNumberResource) => (a.defaultSecondFactor ? -1 : 1);
-
-export function getSecondFactors(attributes: Partial<Attributes>): string[] {
-  const secondFactors: string[] = [];
-
-  Object.entries(attributes).forEach(([, attr]) => {
-    if (attr.used_for_second_factor) {
-      secondFactors.push(...attr.second_factors);
-    }
-  });
-
-  return secondFactors;
-}
-
-export function getSecondFactorsAvailableToAdd(attributes: Partial<Attributes>, user: UserResource): string[] {
-  let sfs = getSecondFactors(attributes);
-
-  // If user.totp_enabled, skip totp from the list of choices
-  if (user.totpEnabled) {
-    sfs = sfs.filter(f => f !== 'totp');
-  }
-
-  // Remove backup codes if already enabled or user doesn't have another MFA method added
-  if (user.backupCodeEnabled || !user.twoFactorEnabled) {
-    sfs = sfs.filter(f => f !== 'backup_code');
-  }
-
-  return sfs;
-}
-
 export function sortIdentificationBasedOnVerification<
   T extends Array<EmailAddressResource | PhoneNumberResource | Web3WalletResource>,
 >(array: T | null | undefined, primaryId: string | null | undefined): T {
diff --git a/packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx b/packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx
index 19229545f0b..e954d7e8486 100644
--- a/packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx
+++ b/packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx
@@ -4,6 +4,7 @@ import type {
   PricingTableProps,
   TaskChooseOrganizationProps,
   TaskResetPasswordProps,
+  TaskSetupMFAProps,
   UserButtonProps,
   WaitlistProps,
 } from '@clerk/shared/types';
@@ -32,6 +33,7 @@ import {
   SessionTasksContext,
   TaskChooseOrganizationContext,
   TaskResetPasswordContext,
+  TaskSetupMFAContext,
 } from './components/SessionTasks';
 
 export function ComponentContextProvider({
@@ -143,6 +145,14 @@ export function ComponentContextProvider({
           </SessionTasksContext.Provider>
         </TaskResetPasswordContext.Provider>
       );
+    case 'TaskSetupMFA':
+      return (
+        <TaskSetupMFAContext.Provider value={{ componentName: 'TaskSetupMFA', ...(props as TaskSetupMFAProps) }}>
+          <SessionTasksContext.Provider value={{ ...(props as TaskSetupMFAProps) }}>
+            {children}
+          </SessionTasksContext.Provider>
+        </TaskSetupMFAContext.Provider>
+      );
     default:
       throw new Error(`Unknown component context: ${componentName}`);
   }
diff --git a/packages/clerk-js/src/ui/contexts/components/SessionTasks.ts b/packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
index 1f25c3cdc05..43db0224178 100644
--- a/packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
+++ b/packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
@@ -4,7 +4,7 @@ import { createContext, useContext } from 'react';
 import { getTaskEndpoint } from '@/core/sessionTasks';
 import { useRouter } from '@/ui/router';
 
-import type { SessionTasksCtx, TaskChooseOrganizationCtx, TaskResetPasswordCtx } from '../../types';
+import type { SessionTasksCtx, TaskChooseOrganizationCtx, TaskResetPasswordCtx, TaskSetupMFACtx } from '../../types';
 
 export const SessionTasksContext = createContext<SessionTasksCtx | null>(null);
 
@@ -67,3 +67,15 @@ export const useTaskResetPasswordContext = (): TaskResetPasswordCtx => {
 
   return context;
 };
+
+export const TaskSetupMFAContext = createContext<TaskSetupMFACtx | null>(null);
+
+export const useTaskSetupMFAContext = (): TaskSetupMFACtx => {
+  const context = useContext(TaskSetupMFAContext);
+
+  if (context === null) {
+    throw new Error('Clerk: useTaskSetupMFAContext called outside of the mounted TaskSetupMFA component.');
+  }
+
+  return context;
+};
diff --git a/packages/clerk-js/src/ui/customizables/elementDescriptors.ts b/packages/clerk-js/src/ui/customizables/elementDescriptors.ts
index c5d7ed6583a..017a5717ac5 100644
--- a/packages/clerk-js/src/ui/customizables/elementDescriptors.ts
+++ b/packages/clerk-js/src/ui/customizables/elementDescriptors.ts
@@ -220,6 +220,12 @@ export const APPEARANCE_KEYS = containsAllElementsConfigKeys([
   'taskChooseOrganizationCreateOrganizationActionButton',
   'taskChooseOrganizationPreviewButton',
 
+  'taskSetupMfaMethodSelectionItem',
+  'taskSetupMfaMethodSelectionItems',
+  'taskSetupMfaPhoneSelectionItems',
+  'taskSetupMfaPhoneSelectionItem',
+  'taskSetupMfaPhoneSelectionAddPhoneAction',
+
   'userAvatarBox',
   'userAvatarImage',
 
diff --git a/packages/clerk-js/src/ui/elements/FormContainer.tsx b/packages/clerk-js/src/ui/elements/FormContainer.tsx
index 060023910a8..ee350698f4e 100644
--- a/packages/clerk-js/src/ui/elements/FormContainer.tsx
+++ b/packages/clerk-js/src/ui/elements/FormContainer.tsx
@@ -15,6 +15,7 @@ type PageProps = PropsOfComponent<typeof Col> & {
   headerTitleTextVariant?: PropsOfComponent<typeof Header.Title>['textVariant'];
   headerSubtitle?: LocalizationKey;
   headerSubtitleTextVariant?: PropsOfComponent<typeof Header.Subtitle>['variant'];
+  badgeText?: LocalizationKey;
 };
 
 export const FormContainer = (props: PageProps) => {
@@ -23,6 +24,7 @@ export const FormContainer = (props: PageProps) => {
     headerTitleTextVariant = 'h3',
     headerSubtitle,
     headerSubtitleTextVariant = 'body',
+    badgeText,
     children,
     sx,
     ...rest
@@ -37,7 +39,7 @@ export const FormContainer = (props: PageProps) => {
       sx={[sx]}
     >
       {(headerTitle || headerSubtitle) && (
-        <Header.Root>
+        <Header.Root badgeText={badgeText}>
           {headerTitle && (
             <Header.Title
               textVariant={headerTitleTextVariant}
diff --git a/packages/clerk-js/src/ui/elements/Header.tsx b/packages/clerk-js/src/ui/elements/Header.tsx
index 9c1c85ea812..558eb722e3f 100644
--- a/packages/clerk-js/src/ui/elements/Header.tsx
+++ b/packages/clerk-js/src/ui/elements/Header.tsx
@@ -1,6 +1,17 @@
 import React from 'react';
 
-import { Col, descriptors, Heading, Icon, Link, Text, useAppearance } from '../customizables';
+import {
+  Badge,
+  Col,
+  descriptors,
+  Flex,
+  Heading,
+  Icon,
+  Link,
+  type LocalizationKey,
+  Text,
+  useAppearance,
+} from '../customizables';
 import { ArrowLeftIcon } from '../icons';
 import type { PropsOfComponent, ThemableCssProp } from '../styledSystem';
 import { ApplicationLogo } from './ApplicationLogo';
@@ -10,11 +21,12 @@ export type HeaderProps = PropsOfComponent<typeof Col> & {
   showLogo?: boolean;
   showDivider?: boolean;
   contentSx?: ThemableCssProp;
+  badgeText?: LocalizationKey;
 };
 
 const Root = React.memo(
   React.forwardRef<HTMLDivElement, HeaderProps>((props, ref) => {
-    const { sx, children, contentSx, gap = 6, showLogo = false, showDivider = false, ...rest } = props;
+    const { sx, children, contentSx, gap = 6, showLogo = false, showDivider = false, badgeText, ...rest } = props;
     const appearance = useAppearance();
 
     const logoIsVisible = appearance.parsedLayout.logoPlacement === 'inside' && showLogo;
@@ -30,6 +42,11 @@ const Root = React.memo(
       >
         {logoIsVisible && <ApplicationLogo />}
         {verticalDividerIsVisible && <VerticalDivider />}
+        {badgeText && (
+          <Flex justify='center'>
+            <Badge localizationKey={badgeText} />
+          </Flex>
+        )}
         <Col
           gap={1}
           sx={contentSx}
diff --git a/packages/clerk-js/src/ui/elements/SuccessPage.tsx b/packages/clerk-js/src/ui/elements/SuccessPage.tsx
index 46f3841db59..c5d5b5e9cef 100644
--- a/packages/clerk-js/src/ui/elements/SuccessPage.tsx
+++ b/packages/clerk-js/src/ui/elements/SuccessPage.tsx
@@ -11,14 +11,17 @@ import { Header } from './Header';
 
 type SuccessPageProps = Omit<PropsOfComponent<typeof Flex>, 'headerTitle' | 'title'> & {
   title?: LocalizationKey;
+  subtitle?: LocalizationKey;
   text?: LocalizationKey | LocalizationKey[];
   finishLabel?: LocalizationKey;
   contents?: React.ReactNode;
+  headerBadgeText?: LocalizationKey;
   onFinish?: () => void;
+  finishButtonProps?: PropsOfComponent<typeof Button>;
 };
 
 export const SuccessPage = (props: SuccessPageProps) => {
-  const { text, title, finishLabel, onFinish, contents, ...rest } = props;
+  const { text, title, subtitle, finishLabel, onFinish, contents, finishButtonProps, headerBadgeText, ...rest } = props;
   const { navigateToFlowStart } = useNavigateToFlowStart();
 
   return (
@@ -26,11 +29,14 @@ export const SuccessPage = (props: SuccessPageProps) => {
       {...rest}
       gap={4}
     >
-      <Header.Root>
-        <Header.Title
-          localizationKey={title}
-          textVariant='subtitle'
-        />
+      <Header.Root badgeText={headerBadgeText}>
+        {title && (
+          <Header.Title
+            localizationKey={title}
+            textVariant={subtitle ? undefined : 'subtitle'}
+          />
+        )}
+        {subtitle && <Header.Subtitle localizationKey={subtitle} />}
       </Header.Root>
       <Col gap={4}>
         {Array.isArray(text) ? (
@@ -62,6 +68,7 @@ export const SuccessPage = (props: SuccessPageProps) => {
           localizationKey={finishLabel || localizationKeys('userProfile.formButtonPrimary__finish')}
           elementDescriptor={descriptors.formButtonPrimary}
           onClick={onFinish || navigateToFlowStart}
+          {...finishButtonProps}
         />
       </FormButtonContainer>
     </Col>
diff --git a/packages/clerk-js/src/ui/elements/VerificationCodeCard.tsx b/packages/clerk-js/src/ui/elements/VerificationCodeCard.tsx
index 3163ba73f2e..c8ac57972ff 100644
--- a/packages/clerk-js/src/ui/elements/VerificationCodeCard.tsx
+++ b/packages/clerk-js/src/ui/elements/VerificationCodeCard.tsx
@@ -15,10 +15,12 @@ export type VerificationCodeCardProps = {
   cardSubtitle: LocalizationKey;
   cardNotice?: LocalizationKey;
   inputLabel?: LocalizationKey;
+  backLinkLabel?: LocalizationKey;
   safeIdentifier?: string | undefined | null;
   resendButton?: LocalizationKey;
   alternativeMethodsLabel?: LocalizationKey;
   profileImageUrl?: string;
+  badgeText?: LocalizationKey;
   onCodeEntryFinishedAction: (
     code: string,
     resolve: () => Promise<void>,
@@ -32,6 +34,18 @@ export type VerificationCodeCardProps = {
 };
 
 export const VerificationCodeCard = (props: PropsWithChildren<VerificationCodeCardProps>) => {
+  return (
+    <Card.Root>
+      <Card.Content>
+        <VerificationCodeContent {...props} />
+      </Card.Content>
+
+      <Card.Footer />
+    </Card.Root>
+  );
+};
+
+export const VerificationCodeContent = (props: PropsWithChildren<VerificationCodeCardProps>) => {
   const { showAlternativeMethods = true, cardNotice, children } = props;
   const card = useCardState();
 
@@ -43,63 +57,68 @@ export const VerificationCodeCard = (props: PropsWithChildren<VerificationCodeCa
   });
 
   return (
-    <Card.Root>
-      <Card.Content>
-        <Header.Root>
-          <Header.Title localizationKey={props.cardTitle} />
-          <Header.Subtitle localizationKey={props.cardSubtitle} />
-          <IdentityPreview
-            identifier={props.safeIdentifier}
-            avatarUrl={props.profileImageUrl}
-            onClick={!props.onBackLinkClicked ? props.onIdentityPreviewEditClicked : undefined}
-          />
-        </Header.Root>
-        <Card.Alert>{card.error}</Card.Alert>
-        {children}
-        <Col
-          elementDescriptor={descriptors.main}
-          gap={8}
-        >
-          <Form.OTPInput
-            {...otp}
-            label={props.inputLabel}
-            resendButton={props.resendButton}
-          />
+    <>
+      <Header.Root badgeText={props.badgeText}>
+        <Header.Title localizationKey={props.cardTitle} />
+        <Header.Subtitle localizationKey={props.cardSubtitle} />
+        <IdentityPreview
+          identifier={props.safeIdentifier}
+          avatarUrl={props.profileImageUrl}
+          onClick={props.onIdentityPreviewEditClicked ? props.onIdentityPreviewEditClicked : undefined}
+        />
+      </Header.Root>
+      <Card.Alert>{card.error}</Card.Alert>
+      {children}
+      <Col
+        elementDescriptor={descriptors.main}
+        gap={8}
+      >
+        <Form.OTPInput
+          {...otp}
+          label={props.inputLabel}
+          resendButton={props.resendButton}
+        />
 
-          {cardNotice && (
-            <Alert colorScheme='warning'>
-              <Text
-                colorScheme='warning'
-                localizationKey={cardNotice}
-                variant='caption'
-              />
-            </Alert>
-          )}
+        {cardNotice && (
+          <Alert colorScheme='warning'>
+            <Text
+              colorScheme='warning'
+              localizationKey={cardNotice}
+              variant='caption'
+            />
+          </Alert>
+        )}
 
-          <Col gap={3}>
+        <Col gap={3}>
+          <Button
+            elementDescriptor={descriptors.formButtonPrimary}
+            block
+            hasArrow
+            isLoading={otp.isLoading}
+            localizationKey={localizationKeys('formButtonPrimary')}
+            onClick={otp.onFakeContinue}
+          />
+          {props.onBackLinkClicked && (
             <Button
-              elementDescriptor={descriptors.formButtonPrimary}
+              elementDescriptor={descriptors.formButtonReset}
               block
-              hasArrow
-              isLoading={otp.isLoading}
-              localizationKey={localizationKeys('formButtonPrimary')}
-              onClick={otp.onFakeContinue}
+              variant='ghost'
+              localizationKey={props.backLinkLabel}
+              onClick={props.onBackLinkClicked}
             />
-            {showAlternativeMethods && props.onShowAlternativeMethodsClicked && (
-              <Card.Action elementId='alternativeMethods'>
-                <Card.ActionLink
-                  localizationKey={
-                    props.alternativeMethodsLabel ?? localizationKeys('footerActionLink__useAnotherMethod')
-                  }
-                  onClick={props.onShowAlternativeMethodsClicked}
-                />
-              </Card.Action>
-            )}
-          </Col>
+          )}
+          {showAlternativeMethods && props.onShowAlternativeMethodsClicked && (
+            <Card.Action elementId='alternativeMethods'>
+              <Card.ActionLink
+                localizationKey={
+                  props.alternativeMethodsLabel ?? localizationKeys('footerActionLink__useAnotherMethod')
+                }
+                onClick={props.onShowAlternativeMethodsClicked}
+              />
+            </Card.Action>
+          )}
         </Col>
-      </Card.Content>
-
-      <Card.Footer />
-    </Card.Root>
+      </Col>
+    </>
   );
 };
diff --git a/packages/clerk-js/src/ui/elements/contexts/index.tsx b/packages/clerk-js/src/ui/elements/contexts/index.tsx
index c61a5fe7d37..b9a51ac1664 100644
--- a/packages/clerk-js/src/ui/elements/contexts/index.tsx
+++ b/packages/clerk-js/src/ui/elements/contexts/index.tsx
@@ -103,7 +103,8 @@ export type FlowMetadata = {
     | 'tasks'
     | 'taskChooseOrganization'
     | 'enableOrganizations'
-    | 'taskResetPassword';
+    | 'taskResetPassword'
+    | 'taskSetupMfa';
   part?:
     | 'start'
     | 'emailCode'
@@ -130,7 +131,8 @@ export type FlowMetadata = {
     | 'chooseOrganization'
     | 'organizationCreationDisabled'
     | 'enterpriseConnections'
-    | 'chooseWallet';
+    | 'chooseWallet'
+    | 'methodSelectionMFA';
 };
 
 const [FlowMetadataCtx, useFlowMetadata] = createContextAndHook<FlowMetadata>('FlowMetadata');
diff --git a/packages/clerk-js/src/ui/lazyModules/components.ts b/packages/clerk-js/src/ui/lazyModules/components.ts
index e5a0d04b73e..0cc57f424ca 100644
--- a/packages/clerk-js/src/ui/lazyModules/components.ts
+++ b/packages/clerk-js/src/ui/lazyModules/components.ts
@@ -25,6 +25,7 @@ const componentImportPaths = {
     import(/* webpackChunkName: "taskChooseOrganization" */ '../components/SessionTasks/tasks/TaskChooseOrganization'),
   TaskResetPassword: () =>
     import(/* webpackChunkName: "taskResetPassword" */ '../components/SessionTasks/tasks/TaskResetPassword'),
+  TaskSetupMFA: () => import(/* webpackChunkName: "taskSetupMFA" */ '../components/SessionTasks/tasks/TaskSetupMfa'),
   PlanDetails: () => import(/* webpackChunkName: "planDetails" */ '../components/Plans/PlanDetails'),
   SubscriptionDetails: () => import(/* webpackChunkName: "subscriptionDetails" */ '../components/SubscriptionDetails'),
   APIKeys: () => import(/* webpackChunkName: "apiKeys" */ '../components/APIKeys/APIKeys'),
@@ -129,6 +130,10 @@ export const TaskResetPassword = lazy(() =>
   componentImportPaths.TaskResetPassword().then(module => ({ default: module.TaskResetPassword })),
 );
 
+export const TaskSetupMFA = lazy(() =>
+  componentImportPaths.TaskSetupMFA().then(module => ({ default: module.TaskSetupMFA })),
+);
+
 export const PlanDetails = lazy(() =>
   componentImportPaths.PlanDetails().then(module => ({ default: module.PlanDetails })),
 );
@@ -179,6 +184,7 @@ export const ClerkComponents = {
   SubscriptionDetails,
   TaskChooseOrganization,
   TaskResetPassword,
+  TaskSetupMFA,
 };
 
 export type ClerkComponentName = keyof typeof ClerkComponents;
diff --git a/packages/clerk-js/src/ui/types.ts b/packages/clerk-js/src/ui/types.ts
index 6e8dbd0c679..4f63f36f78e 100644
--- a/packages/clerk-js/src/ui/types.ts
+++ b/packages/clerk-js/src/ui/types.ts
@@ -20,11 +20,13 @@ import type {
   SignUpProps,
   TaskChooseOrganizationProps,
   TaskResetPasswordProps,
+  TaskSetupMFAProps,
   UserAvatarProps,
   UserButtonProps,
   UserProfileProps,
   WaitlistProps,
 } from '@clerk/shared/types';
+import type { MutableRefObject } from 'react';
 
 export type {
   __internal_OAuthConsentProps,
@@ -60,7 +62,8 @@ export type AvailableComponentProps =
   | __internal_PlanDetailsProps
   | APIKeysProps
   | TaskChooseOrganizationProps
-  | TaskResetPasswordProps;
+  | TaskResetPasswordProps
+  | TaskSetupMFAProps;
 
 type ComponentMode = 'modal' | 'mounted';
 type SignInMode = 'modal' | 'redirect';
@@ -144,6 +147,7 @@ export type CheckoutCtx = __internal_CheckoutProps & {
 
 export type SessionTasksCtx = {
   redirectUrlComplete: string;
+  redirectOnActiveSession?: MutableRefObject<boolean>;
 };
 
 export type TaskChooseOrganizationCtx = TaskChooseOrganizationProps & {
@@ -154,6 +158,10 @@ export type TaskResetPasswordCtx = TaskResetPasswordProps & {
   componentName: 'TaskResetPassword';
 };
 
+export type TaskSetupMFACtx = TaskSetupMFAProps & {
+  componentName: 'TaskSetupMFA';
+};
+
 export type OAuthConsentCtx = __internal_OAuthConsentProps & {
   componentName: 'OAuthConsent';
 };
@@ -186,5 +194,6 @@ export type AvailableComponentCtx =
   | SubscriptionDetailsCtx
   | PlanDetailsCtx
   | TaskChooseOrganizationCtx
-  | TaskResetPasswordCtx;
+  | TaskResetPasswordCtx
+  | TaskSetupMFACtx;
 export type AvailableComponentName = AvailableComponentCtx['componentName'];
diff --git a/packages/clerk-js/src/ui/utils/mfa.ts b/packages/clerk-js/src/ui/utils/mfa.ts
new file mode 100644
index 00000000000..b52bbc304c4
--- /dev/null
+++ b/packages/clerk-js/src/ui/utils/mfa.ts
@@ -0,0 +1,32 @@
+import type { Attributes, PhoneNumberResource, UserResource, VerificationStrategy } from '@clerk/shared/types';
+
+export const defaultFirst = (a: PhoneNumberResource) => (a.defaultSecondFactor ? -1 : 1);
+
+export function getSecondFactors(attributes: Partial<Attributes>): VerificationStrategy[] {
+  const secondFactors: VerificationStrategy[] = [];
+
+  Object.entries(attributes).forEach(([, attr]) => {
+    if (attr?.used_for_second_factor && attr.second_factors) {
+      secondFactors.push(...attr.second_factors);
+    }
+  });
+
+  return secondFactors;
+}
+
+export function getSecondFactorsAvailableToAdd(
+  attributes: Partial<Attributes>,
+  user: UserResource,
+): VerificationStrategy[] {
+  let sfs = getSecondFactors(attributes);
+
+  if (user.totpEnabled) {
+    sfs = sfs.filter(f => f !== 'totp');
+  }
+
+  if (user.backupCodeEnabled || !user.twoFactorEnabled) {
+    sfs = sfs.filter(f => f !== 'backup_code');
+  }
+
+  return sfs;
+}
diff --git a/packages/localizations/src/en-US.ts b/packages/localizations/src/en-US.ts
index 5e5cceb5199..4ee293eb795 100644
--- a/packages/localizations/src/en-US.ts
+++ b/packages/localizations/src/en-US.ts
@@ -898,6 +898,76 @@ export const enUS: LocalizationResource = {
     subtitle: 'Your account requires a new password before you can continue',
     title: 'Reset your password',
   },
+  taskSetupMfa: {
+    badge: 'Two-step verification setup',
+    signOut: {
+      actionLink: 'Sign out',
+      actionText: 'Signed in as {{identifier}}',
+    },
+    smsCode: {
+      addPhone: {
+        formButtonPrimary: 'Continue',
+        infoText:
+          'A text message containing a verification code will be sent to this phone number. Message and data rates may apply.',
+      },
+      addPhoneNumber: 'Add phone number',
+      cancel: 'Cancel',
+      subtitle: 'Choose phone number you want to use for SMS code two-step verification',
+      success: {
+        finishButton: 'Continue',
+        message1:
+          'Two-step verification is now enabled. When signing in, you will need to enter a verification code sent to this phone number as an additional step.',
+        message2:
+          'Save these backup codes and store them somewhere safe. If you lose access to your authentication device, you can use backup codes to sign in.',
+        title: 'SMS code verification enabled',
+      },
+      title: 'Add SMS code verification',
+      verifyPhone: {
+        formButtonPrimary: 'Continue',
+        formTitle: 'Verification code',
+        resendButton: "Didn't receive a code? Resend",
+        subtitle: 'Enter the verification code sent to',
+        title: 'Verify your phone number',
+      },
+    },
+    start: {
+      methodSelection: {
+        phoneCode: 'SMS code',
+        totp: 'Authenticator application',
+      },
+      subtitle: 'Choose which method you prefer to protect your account with an extra layer of security',
+      title: 'Set up two-step verification',
+    },
+    totpCode: {
+      addAuthenticatorApp: {
+        buttonAbleToScan__nonPrimary: 'Scan QR code instead',
+        buttonUnableToScan__nonPrimary: "Can't scan QR code?",
+        formButtonPrimary: 'Continue',
+        formButtonReset: 'Cancel',
+        infoText__ableToScan:
+          'Set up a new sign-in method in your authenticator app and scan the following QR code to link it to your account.',
+        infoText__unableToScan: 'Set up a new sign-in method in your authenticator and enter the Key provided below.',
+        inputLabel__unableToScan1:
+          'Make sure Time-based or One-time passwords is enabled, then finish linking your account.',
+      },
+      success: {
+        finishButton: 'Continue',
+        message1:
+          'Two-step verification is now enabled. When signing in, you will need to enter a verification code from this authenticator as an additional step.',
+        message2:
+          'Save these backup codes and store them somewhere safe. If you lose access to your authentication device, you can use backup codes to sign in.',
+        title: 'Authenticator application verification enabled',
+      },
+      title: 'Add authenticator application',
+      verifyTotp: {
+        formButtonPrimary: 'Continue',
+        formButtonReset: 'Cancel',
+        formTitle: 'Verification code',
+        subtitle: 'Enter verification code generated by your authenticator',
+        title: 'Add authenticator application',
+      },
+    },
+  },
   unstable__errors: {
     already_a_member_in_organization: '{{email}} is already a member of the organization.',
     avatar_file_size_exceeded: 'File size exceeds the maximum limit of 10MB. Please choose a smaller file.',
diff --git a/packages/nextjs/src/client-boundary/uiComponents.tsx b/packages/nextjs/src/client-boundary/uiComponents.tsx
index 3838edd423b..35df3c02c70 100644
--- a/packages/nextjs/src/client-boundary/uiComponents.tsx
+++ b/packages/nextjs/src/client-boundary/uiComponents.tsx
@@ -24,6 +24,7 @@ export {
   SignUpButton,
   TaskChooseOrganization,
   TaskResetPassword,
+  TaskSetupMFA,
   UserAvatar,
   UserButton,
   Waitlist,
diff --git a/packages/nextjs/src/index.ts b/packages/nextjs/src/index.ts
index 744d1f13f68..2d7dab96a44 100644
--- a/packages/nextjs/src/index.ts
+++ b/packages/nextjs/src/index.ts
@@ -36,6 +36,7 @@ export {
   SignUpButton,
   TaskChooseOrganization,
   TaskResetPassword,
+  TaskSetupMFA,
   UserAvatar,
   UserButton,
   UserProfile,
diff --git a/packages/react-router/src/__tests__/__snapshots__/exports.test.ts.snap b/packages/react-router/src/__tests__/__snapshots__/exports.test.ts.snap
index 7a9f5772212..d7c47009f10 100644
--- a/packages/react-router/src/__tests__/__snapshots__/exports.test.ts.snap
+++ b/packages/react-router/src/__tests__/__snapshots__/exports.test.ts.snap
@@ -39,6 +39,7 @@ exports[`root public exports > should not change unexpectedly 1`] = `
   "SignedOut",
   "TaskChooseOrganization",
   "TaskResetPassword",
+  "TaskSetupMFA",
   "UserAvatar",
   "UserButton",
   "UserProfile",
diff --git a/packages/react/src/components/index.ts b/packages/react/src/components/index.ts
index dfbcedcfa93..124b06512b8 100644
--- a/packages/react/src/components/index.ts
+++ b/packages/react/src/components/index.ts
@@ -10,6 +10,7 @@ export {
   SignUp,
   TaskChooseOrganization,
   TaskResetPassword,
+  TaskSetupMFA,
   UserAvatar,
   UserButton,
   UserProfile,
diff --git a/packages/react/src/components/uiComponents.tsx b/packages/react/src/components/uiComponents.tsx
index 7ef5424f6d9..57d7fc84ca9 100644
--- a/packages/react/src/components/uiComponents.tsx
+++ b/packages/react/src/components/uiComponents.tsx
@@ -10,6 +10,7 @@ import type {
   SignUpProps,
   TaskChooseOrganizationProps,
   TaskResetPasswordProps,
+  TaskSetupMFAProps,
   UserAvatarProps,
   UserButtonProps,
   UserProfileProps,
@@ -725,3 +726,31 @@ export const TaskResetPassword = withClerk(
   },
   { component: 'TaskResetPassword', renderWhileLoading: true },
 );
+
+export const TaskSetupMFA = withClerk(
+  ({ clerk, component, fallback, ...props }: WithClerkProp<TaskSetupMFAProps & FallbackProp>) => {
+    const mountingStatus = useWaitForComponentMount(component);
+    const shouldShowFallback = mountingStatus === 'rendering' || !clerk.loaded;
+
+    const rendererRootProps = {
+      ...(shouldShowFallback && fallback && { style: { display: 'none' } }),
+    };
+
+    return (
+      <>
+        {shouldShowFallback && fallback}
+        {clerk.loaded && (
+          <ClerkHostRenderer
+            component={component}
+            mount={clerk.mountTaskSetupMfa}
+            unmount={clerk.unmountTaskSetupMfa}
+            updateProps={(clerk as any).__unstable__updateProps}
+            props={props}
+            rootProps={rendererRootProps}
+          />
+        )}
+      </>
+    );
+  },
+  { component: 'TaskSetupMFA', renderWhileLoading: true },
+);
diff --git a/packages/react/src/isomorphicClerk.ts b/packages/react/src/isomorphicClerk.ts
index 961a3acc47b..87256831f13 100644
--- a/packages/react/src/isomorphicClerk.ts
+++ b/packages/react/src/isomorphicClerk.ts
@@ -50,6 +50,7 @@ import type {
   State,
   TaskChooseOrganizationProps,
   TaskResetPasswordProps,
+  TaskSetupMFAProps,
   TasksRedirectOptions,
   UnsubscribeCallback,
   UserAvatarProps,
@@ -153,6 +154,7 @@ export class IsomorphicClerk implements IsomorphicLoadedClerk {
   private premountOAuthConsentNodes = new Map<HTMLDivElement, __internal_OAuthConsentProps | undefined>();
   private premountTaskChooseOrganizationNodes = new Map<HTMLDivElement, TaskChooseOrganizationProps | undefined>();
   private premountTaskResetPasswordNodes = new Map<HTMLDivElement, TaskResetPasswordProps | undefined>();
+  private premountTaskSetupMfaNodes = new Map<HTMLDivElement, TaskSetupMFAProps | undefined>();
   // A separate Map of `addListener` method calls to handle multiple listeners.
   private premountAddListenerCalls = new Map<
     ListenerCallback,
@@ -682,6 +684,10 @@ export class IsomorphicClerk implements IsomorphicLoadedClerk {
       clerkjs.mountTaskResetPassword(node, props);
     });
 
+    this.premountTaskSetupMfaNodes.forEach((props, node) => {
+      clerkjs.mountTaskSetupMfa(node, props);
+    });
+
     /**
      * Only update status in case `clerk.status` is missing. In any other case, `clerk-js` should be the orchestrator.
      */
@@ -1240,6 +1246,22 @@ export class IsomorphicClerk implements IsomorphicLoadedClerk {
     }
   };
 
+  mountTaskSetupMfa = (node: HTMLDivElement, props?: TaskSetupMFAProps): void => {
+    if (this.clerkjs && this.loaded) {
+      this.clerkjs.mountTaskSetupMfa(node, props);
+    } else {
+      this.premountTaskSetupMfaNodes.set(node, props);
+    }
+  };
+
+  unmountTaskSetupMfa = (node: HTMLDivElement): void => {
+    if (this.clerkjs && this.loaded) {
+      this.clerkjs.unmountTaskSetupMfa(node);
+    } else {
+      this.premountTaskSetupMfaNodes.delete(node);
+    }
+  };
+
   addListener = (listener: ListenerCallback): UnsubscribeCallback => {
     if (this.clerkjs) {
       return this.clerkjs.addListener(listener);
diff --git a/packages/remix/src/__tests__/__snapshots__/exports.test.ts.snap b/packages/remix/src/__tests__/__snapshots__/exports.test.ts.snap
index 6e6d65b16e2..bb1778da3e9 100644
--- a/packages/remix/src/__tests__/__snapshots__/exports.test.ts.snap
+++ b/packages/remix/src/__tests__/__snapshots__/exports.test.ts.snap
@@ -33,6 +33,7 @@ exports[`root public exports > should not change unexpectedly 1`] = `
   "SignedOut",
   "TaskChooseOrganization",
   "TaskResetPassword",
+  "TaskSetupMFA",
   "UserAvatar",
   "UserButton",
   "UserProfile",
diff --git a/packages/shared/src/types/appearance.ts b/packages/shared/src/types/appearance.ts
index 19598760418..3e25f01f787 100644
--- a/packages/shared/src/types/appearance.ts
+++ b/packages/shared/src/types/appearance.ts
@@ -359,6 +359,12 @@ export type ElementsConfig = {
   taskChooseOrganizationCreateOrganizationActionButton: WithOptions;
   taskChooseOrganizationPreviewButton: WithOptions;
 
+  taskSetupMfaMethodSelectionItem: WithOptions;
+  taskSetupMfaMethodSelectionItems: WithOptions;
+  taskSetupMfaPhoneSelectionItems: WithOptions;
+  taskSetupMfaPhoneSelectionItem: WithOptions;
+  taskSetupMfaPhoneSelectionAddPhoneAction: WithOptions;
+
   userAvatarBox: WithOptions;
   userAvatarImage: WithOptions;
 
@@ -1056,6 +1062,7 @@ export type APIKeysTheme = Theme;
 export type OAuthConsentTheme = Theme;
 export type TaskChooseOrganizationTheme = Theme;
 export type TaskResetPasswordTheme = Theme;
+export type TaskSetupMFATheme = Theme;
 
 type GlobalAppearanceOptions = {
   /**
@@ -1140,6 +1147,10 @@ export type Appearance<T = Theme> = T &
      * Theme overrides that only apply to the `<TaskResetPassword />` component
      */
     taskResetPassword?: T;
+    /**
+     * Theme overrides that only apply to the `<TaskSetupMFA />` component
+     */
+    taskSetupMfa?: T;
     /**
      * Theme overrides that only apply to the `<EnableOrganizations/>` component
      */
diff --git a/packages/shared/src/types/clerk.ts b/packages/shared/src/types/clerk.ts
index e18204bed10..9216c93dadc 100644
--- a/packages/shared/src/types/clerk.ts
+++ b/packages/shared/src/types/clerk.ts
@@ -15,6 +15,7 @@ import type {
   SubscriptionDetailsTheme,
   TaskChooseOrganizationTheme,
   TaskResetPasswordTheme,
+  TaskSetupMFATheme,
   UserAvatarTheme,
   UserButtonTheme,
   UserProfileTheme,
@@ -662,6 +663,22 @@ export interface Clerk {
    */
   unmountTaskResetPassword: (targetNode: HTMLDivElement) => void;
 
+  /**
+   * Mounts a TaskSetupMFA component at the target element.
+   *
+   * @param targetNode - Target node to mount the TaskSetupMFA component.
+   * @param props - configuration parameters.
+   */
+  mountTaskSetupMfa: (targetNode: HTMLDivElement, props?: TaskSetupMFAProps) => void;
+
+  /**
+   * Unmount a TaskSetupMFA component from the target element.
+   * If there is no component mounted at the target node, results in a noop.
+   *
+   * @param targetNode - Target node to unmount the TaskSetupMFA component from.
+   */
+  unmountTaskSetupMfa: (targetNode: HTMLDivElement) => void;
+
   /**
    * @internal
    * Loads Stripe libraries for commerce functionality
@@ -2277,6 +2294,14 @@ export type TaskResetPasswordProps = {
   appearance?: TaskResetPasswordTheme;
 };
 
+export type TaskSetupMFAProps = {
+  /**
+   * Full URL or path to navigate to after successfully resolving all tasks
+   */
+  redirectUrlComplete: string;
+  appearance?: TaskSetupMFATheme;
+};
+
 export type CreateOrganizationInvitationParams = {
   emailAddress: string;
   role: OrganizationCustomRoleKey;
diff --git a/packages/shared/src/types/localization.ts b/packages/shared/src/types/localization.ts
index 7c3b5ae0fc0..d97301630d0 100644
--- a/packages/shared/src/types/localization.ts
+++ b/packages/shared/src/types/localization.ts
@@ -1327,6 +1327,69 @@ export type __internal_LocalizationResource = {
     };
     formButtonPrimary: LocalizationValue;
   };
+  taskSetupMfa: {
+    badge: LocalizationValue;
+    start: {
+      title: LocalizationValue;
+      subtitle: LocalizationValue;
+      methodSelection: {
+        totp: LocalizationValue;
+        phoneCode: LocalizationValue;
+      };
+    };
+    smsCode: {
+      title: LocalizationValue;
+      subtitle: LocalizationValue;
+      addPhoneNumber: LocalizationValue;
+      cancel: LocalizationValue;
+      verifyPhone: {
+        title: LocalizationValue;
+        subtitle: LocalizationValue;
+        formTitle: LocalizationValue;
+        resendButton: LocalizationValue;
+        formButtonPrimary: LocalizationValue;
+      };
+      addPhone: {
+        infoText: LocalizationValue;
+        formButtonPrimary: LocalizationValue;
+      };
+      success: {
+        title: LocalizationValue;
+        message1: LocalizationValue;
+        message2: LocalizationValue;
+        finishButton: LocalizationValue;
+      };
+    };
+    totpCode: {
+      title: LocalizationValue;
+      addAuthenticatorApp: {
+        infoText__ableToScan: LocalizationValue;
+        infoText__unableToScan: LocalizationValue;
+        inputLabel__unableToScan1: LocalizationValue;
+        buttonUnableToScan__nonPrimary: LocalizationValue;
+        buttonAbleToScan__nonPrimary: LocalizationValue;
+        formButtonPrimary: LocalizationValue;
+        formButtonReset: LocalizationValue;
+      };
+      verifyTotp: {
+        title: LocalizationValue;
+        subtitle: LocalizationValue;
+        formTitle: LocalizationValue;
+        formButtonPrimary: LocalizationValue;
+        formButtonReset: LocalizationValue;
+      };
+      success: {
+        title: LocalizationValue;
+        message1: LocalizationValue;
+        message2: LocalizationValue;
+        finishButton: LocalizationValue;
+      };
+    };
+    signOut: {
+      actionText: LocalizationValue<'identifier'>;
+      actionLink: LocalizationValue;
+    };
+  };
   web3SolanaWalletButtons: {
     connect: LocalizationValue<'walletName'>;
     continue: LocalizationValue<'walletName'>;
diff --git a/packages/shared/src/types/session.ts b/packages/shared/src/types/session.ts
index 727c044ad48..f35b1454c24 100644
--- a/packages/shared/src/types/session.ts
+++ b/packages/shared/src/types/session.ts
@@ -335,7 +335,7 @@ export interface SessionTask {
   /**
    * A unique identifier for the task
    */
-  key: 'choose-organization' | 'reset-password';
+  key: 'choose-organization' | 'reset-password' | 'setup-mfa';
 }
 
 export type GetTokenOptions = {
diff --git a/packages/shared/src/types/userSettings.ts b/packages/shared/src/types/userSettings.ts
index 0827f0af0be..34a098ae699 100644
--- a/packages/shared/src/types/userSettings.ts
+++ b/packages/shared/src/types/userSettings.ts
@@ -58,6 +58,9 @@ export type SignUpData = {
   captcha_enabled: boolean;
   mode: SignUpModes;
   legal_consent_enabled: boolean;
+  mfa?: {
+    required: boolean;
+  };
 };
 
 export type PasswordSettingsData = {
diff --git a/packages/tanstack-react-start/src/__tests__/__snapshots__/exports.test.ts.snap b/packages/tanstack-react-start/src/__tests__/__snapshots__/exports.test.ts.snap
index eca649e8e36..bb6ed6e33e2 100644
--- a/packages/tanstack-react-start/src/__tests__/__snapshots__/exports.test.ts.snap
+++ b/packages/tanstack-react-start/src/__tests__/__snapshots__/exports.test.ts.snap
@@ -44,6 +44,7 @@ exports[`root public exports > should not change unexpectedly 1`] = `
   "SignedOut",
   "TaskChooseOrganization",
   "TaskResetPassword",
+  "TaskSetupMFA",
   "UserAvatar",
   "UserButton",
   "UserProfile",