Introduces <TaskSetupMfa /> component and the setup-mfa session task

docs/_partials/sdk-examples-not-available-callout.mdx

@@ -0,0 +1 @@
+**Examples for this SDK aren't available yet. For now, try switching to a supported SDK, such as Next.js, and converting the code to fit your SDK.**

docs/_partials/session-tasks-table.mdx

@@ -6,3 +6,4 @@ The following table lists the available tasks and their corresponding keys.
 | - | - | - |
 | [Allow Personal Accounts](/docs/guides/organizations/configure#personal-accounts) | `choose-organization` | Disabled by default when enabling Organizations [for instances created after August 22, 2025](!update). When disabled, users are required to choose an Organization after authenticating. When enabled, users can choose a [Personal Account](!personal-account) instead of an Organization. |
 | [Force password reset](/docs/guides/secure/password-protection-and-rules#manually-set-a-password-as-compromised) | `reset-password` | Enabled by default [for instances created after December 8, 2025](!update). When enabled, the user is required to reset their password on their next sign-in if their password is marked as compromised. |
+| [Require multi-factor authentication](/docs/guides/configure/auth-strategies/sign-up-sign-in-options#multi-factor-authentication) | `setup-mfa` | When [enabled](/docs/guides/configure/auth-strategies/sign-up-sign-in-options#multi-factor-authentication), users are required to set up multi-factor authentication (MFA) after authenticating. Users can choose between authenticator app (TOTP) or SMS verification depending on which methods are enabled in the instance settings. |

docs/guides/configure/auth-strategies/sign-up-sign-in-options.mdx

@@ -123,22 +123,23 @@ To enable Web3 authentication, navigate to the [**Web3**](https://dashboard.cler
 
 Clerk supports multi-factor authentication (MFA), also known as two-factor authentication (2FA). If a user enables MFA for their account, they are required to complete a second verification step during sign-in. This enhances security by enforcing two different types of verification. Many websites offer this as an optional step, giving users control over their own security.
 
-MFA is not available on the new application screen, but it can be enabled in the Clerk Dashboard.
-
-1. In the Clerk Dashboard, navigate to the [**Multi-factor**](https://dashboard.clerk.com/~/user-authentication/multi-factor) page.
-1. Toggle on the MFA strategies you would like to enable.
-
 The following MFA strategies are currently available:
 
 - **SMS verification code**
 - **Authenticator application (also known as TOTP - Time-based One-time Password)**
 - **Backup codes**
 
-Enabling MFA allows users of your app to turn it on for their own accounts through their [User Profile](/docs/guides/account-portal/overview#user-profile) page. Enabling MFA does not automatically turn on MFA for all users.
+To configure MFA strategies:
+
+1. In the Clerk Dashboard, navigate to the [**Multi-factor**](https://dashboard.clerk.com/~/user-authentication/multi-factor) page.
+1. Toggle on the MFA strategies you would like to enable.
+1. If you would like to force MFA for all users in your app, toggle on **Require multi-factor authentication**. When enabled, after authenticating, users will have a pending [`setup-mfa` session task](!session-tasks) and will need to fulfill the task before they are considered `active` (signed-in).
+   If you leave this setting disabled, users can choose to enable MFA for their own accounts through their account settings.
+1. Select **Save**.
 
 <Include src="_partials/duo-authenticator-app-callout.mdx" />
 
-If you're building a custom user interface instead of using the [Account Portal](/docs/guides/account-portal/overview) or [prebuilt components](/docs/reference/components/overview), you can use [elements](/docs/guides/customizing-clerk/elements/examples/sign-in#multi-factor-authentication-mfa) or [the Clerk API](/docs/guides/development/custom-flows/authentication/email-password-mfa) to build a custom sign-in flow that allows users to sign in with MFA.
+If you're building a custom user interface instead of using the [Account Portal](/docs/guides/account-portal/overview) or [prebuilt components](/docs/reference/components/overview), you can use [the Clerk API](/docs/guides/development/custom-flows/authentication/email-password-mfa) to build a [custom flow](!custom-flow) that allows users to sign in with MFA.
 
 ### Reset a user's MFA
 

docs/guides/configure/session-tasks.mdx

@@ -4,6 +4,10 @@ description: Learn how to configure your application to require users to complet
 search:
   keywords:
     - session tasks
+    - currentTask
+    - choose-organization
+    - reset-password
+    - setup-mfa
 ---
 
 **Session tasks** are pending requirements that users must complete after authentication, such as choosing an Organization. When enabled in the Clerk Dashboard, these tasks are handled automatically within the `<SignIn />` and `<SignUp />` components and Clerk's [Account Portal](/docs/guides/account-portal/overview).
@@ -30,6 +34,7 @@ The following table lists the available tasks and their corresponding components
 | - | - |
 | [Personal Accounts disabled (default)](/docs/guides/organizations/configure#enable-organizations) | [`<TaskChooseOrganization />`](/docs/reference/components/authentication/task-choose-organization) |
 | [Force password reset](/docs/guides/secure/password-protection-and-rules#manually-set-a-password-as-compromised) | [`<TaskResetPassword />`](/docs/reference/components/authentication/task-reset-password) |
+| [Require multi-factor authentication](/docs/guides/configure/auth-strategies/sign-up-sign-in-options#multi-factor-authentication) | [`<TaskSetupMfa />`](/docs/reference/components/authentication/task-setup-mfa) |
 
 ### No components, no problem