From 0ec7396732adfaa5bd5b9387c1fcc7ef95ec07a1 Mon Sep 17 00:00:00 2001 From: Michael Liendo Date: Tue, 25 Nov 2025 10:31:56 -0600 Subject: [PATCH 1/2] Update disable-user-mfa.mdx with Client Trust warning Added a warning about the introduction of Client Trust and its impact on MFA enforcement. --- docs/reference/backend/user/disable-user-mfa.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/backend/user/disable-user-mfa.mdx b/docs/reference/backend/user/disable-user-mfa.mdx index 96cf711405..d67f77ba2a 100644 --- a/docs/reference/backend/user/disable-user-mfa.mdx +++ b/docs/reference/backend/user/disable-user-mfa.mdx @@ -6,6 +6,9 @@ sdk: js-backend {/* clerk/javascript file: https://github.com/clerk/javascript/blob/main/packages/backend/src/api/endpoints/UserApi.ts#L206 */} +> [!WARNING] +> On November 14, 2025, Clerk introduced **Client Trust**. This free security protection automatically enforces MFA **the first time** a user logs in from a new device even if MFA is disabled. Learn more about Client Trust and our commitment to security by [visiting our changelog](https://clerk.com/changelog/2025-11-14-client-trust-credential-stuffing-killer). + Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once. ```ts From dcd1b71d63767644ed9805f24cf1dec4629ec5f7 Mon Sep 17 00:00:00 2001 From: Michael Liendo Date: Wed, 26 Nov 2025 14:25:16 -0600 Subject: [PATCH 2/2] update with derived url --- docs/reference/backend/user/disable-user-mfa.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/backend/user/disable-user-mfa.mdx b/docs/reference/backend/user/disable-user-mfa.mdx index d67f77ba2a..b9326192da 100644 --- a/docs/reference/backend/user/disable-user-mfa.mdx +++ b/docs/reference/backend/user/disable-user-mfa.mdx @@ -7,7 +7,7 @@ sdk: js-backend {/* clerk/javascript file: https://github.com/clerk/javascript/blob/main/packages/backend/src/api/endpoints/UserApi.ts#L206 */} > [!WARNING] -> On November 14, 2025, Clerk introduced **Client Trust**. This free security protection automatically enforces MFA **the first time** a user logs in from a new device even if MFA is disabled. Learn more about Client Trust and our commitment to security by [visiting our changelog](https://clerk.com/changelog/2025-11-14-client-trust-credential-stuffing-killer). +> On November 14, 2025, Clerk introduced **[Client Trust](/docs/guides/secure/client-trust)**. This free security protection automatically enforces MFA **the first time** a user logs in from a new device even if MFA is disabled. Learn more about Client Trust and our commitment to security by [visiting our changelog](https://clerk.com/changelog/2025-11-14-client-trust-credential-stuffing-killer). Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once.