Skip to main content

Documentation Index

Fetch the complete documentation index at: https://auth0.com/llms.txt

Use this file to discover all available pages before exploring further.

The Universal Components for Android SDK includes the AuthenticatorSettingsComponent, a Jetpack Compose composable that handles every enrollment, verification, listing, and removal flow using the My Account API. It uses the My Account API’s authentication methods management capabilities to render a complete UI for managing a user’s authentication methods. With the AuthenticatorSettingsComponent, you do not need to orchestrate navigation, call endpoints, or manage state.
AuthenticatorSettingsComponent showing sign-in methods and verification methods on Android

Setup requirements

Before rendering AuthenticatorSettingsComponent component, follow Build a Self-Service Account Security Interface to install the SDK, configure your Auth0 tenant, and initialize the SDK with a token provider.
The AuthenticatorSettingsComponent component reads its configuration, token provider, and passkey settings from the initialized SDK singleton.

Supported factors

The component handles every factor Auth0 supports with the My Account API. Each factor’s screens inherit the component’s active theme. To learn more, read Customize Style and Themes.
FactorWhat the component rendersSDK notes
Email OTPEmail input → 6-digit OTP verificationPlatform OTP autofill (Android keyboard autofill) works against the OTP field.
SMS OTPCountry-code picker and phone entry → 6-digit OTP verificationThe Android SMS Retriever API is not used; the SMS body has no app hash. Autofill via the system keyboard works normally.
TOTP (authenticator application)QR code with manual-entry key → 6-digit OTP verificationRenders the standard otpauth:// payload. No custom brand logo injection into the QR.
Push notificationsQR code for Auth0 Guardian scan → “waiting for approval” stateEnd users need the public Auth0 Guardian application. Enterprise customers with a branded Guardian SDK build must surface their own install link outside the component.
PasskeysEducational screen → OS biometric prompt → enrolled entry in the listRequires Digital Asset Links (Android 14+). See the dedicated page for app-side platform setup.
Recovery codesDisplay-once code list with a copy action and an “I’ve saved my codes” confirmationCodes are displayed to the user and never returned to the caller. The copy-to-clipboard action uses the platform’s standard clipboard API.

Get started

Add the AuthenticatorSettingsComponent() from any composable. The SDK handles all internal navigation between enrollment, verification, and management screens.
LoginSecurityScreen.kt
import androidx.compose.runtime.Composable
import com.auth0.universalcomponents.presentation.ui.mfa.AuthenticatorSettingsComponent

@Composable
fun LoginSecurityScreen() {
    AuthenticatorSettingsComponent()
}

Parameters

The AuthenticatorSettingsComponent() component accepts the following modifier:
ParameterTypeDefaultPurpose
modifierModifierModifierStandard Compose modifier.
themeConfigurationAuth0ThemeConfigurationAuth0ThemeConfiguration.DefaultOverride design tokens—colors, typography, shapes, dimensions, sizes. To learn more, read Customize Style and Themes.

Customize

Theming is applied to the component as a whole; individual factor screens inherit the active theme. To learn more about the full token catalog and dark-mode patterns, read Customize Style and Themes.

Advanced Compose NavHost integration

The AuthenticatorSettingsComponent participates in Compose’s NavHost when present and does not need special wiring. Use it like any other composable. When it is a destination in your NavHost, back-navigation defers to the host’s NavController. 
@Composable
fun AccountNavGraph(navController: NavHostController) {
    NavHost(navController, startDestination = "settings") {
        composable("settings") { SettingsScreen(navController) }
        composable("auth-methods") { AuthenticatorSettingsComponent() }
    }
}
Internally, the SDK manages its own nested navigation between enrollment, verification, and management screens. That internal graph is isolated from your application’s NavController, so it does not collide with your application’s routes.

Localization

All user-facing strings live in the SDK’s values/strings.xml file. You can override any string in your application by redefining the same key in your own values/strings.xml file: 
<resources>
    <string name="continue_button">Next</string>
</resources>
Your resource value shadows the SDK default at build time. To ship localized copies, you can provide translated values-<locale>/strings.xml files that use the same keys.

Limitations

  • No standalone factor components on Android. Every factor renders inside the Authentication Methods Management component. There is no public API to enroll, verify, or remove a single factor from a different part of your application.
  • No standalone list/remove components. The SDK does not ship public components for listing enrolled factors or removing them outside the component. Use the Authentication Methods Management component for the full management experience.
  • Post-login passkey prompts are not supported. Prompting a user to save a passkey immediately after sign-in (separate from the settings screen) is not covered by this SDK. You can track universal-components-android for updates.

Learn more

Build a Self-Service Account Security Interface

Initialize the SDK and wire the token provider to your Auth0 tenant.

Customize style and themes

Override colors, typography, spacing, radius, and size tokens using the Auth0 design-token system.