> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Restricting authenticators for an action

> Learn how to restrict which authenticators a user can select to complete challenges.

Not all types of authenticators offer the same level of security.
For example, authentication via email magic link is less secure than using a passkey or authenticator app.

With this in mind, you might want force your users to use only their most secure authenticators for particularly sensitive actions e.g. changing their password.

## Set up

To achieve this behavior, you can go to the **Settings** of your desired action and choose which authenticators you want to permit for completing challenges.

<Frame caption="This action will only allow users to complete a challenge with a passkey or authenticator app.">
  <img src="https://mintcdn.com/authsignal-23/U9XmxdPe4AWAeEuC/images/docs/action-settings/permitted-authenticators.png?fit=max&auto=format&n=U9XmxdPe4AWAeEuC&q=85&s=f0108d258254671db1aa25c0c8a14ae2" alt="Permitted authenticators" width="1147" height="522" data-path="images/docs/action-settings/permitted-authenticators.png" />
</Frame>

The pre-built UI will automatically hide any authenticators that are not permitted for the action.

<Info>
  If a user doesn't have any of the permitted authenticators, then the pre-built UI will allow them
  to use their default authenticator to complete the challenge.
</Info>

## Overriding permitted authenticators with rules

In some advanced scenarios, you might want to override the permitted authenticators more granularly when a specific rule is triggered.
When editing a rule, you will see an **Advanced settings** section where you can configure permitted authenticators.
If this rule is triggered, then the challenge can only be completed using the permitted authenticators.

<Frame>
  <img src="https://mintcdn.com/authsignal-23/Q2QPBK1EKmJpLovY/images/docs/rules/permitted-authenticators.png?fit=max&auto=format&n=Q2QPBK1EKmJpLovY&q=85&s=c1eca78516ec98878d312a9d7bc79e62" alt="" width="1352" height="494" data-path="images/docs/rules/permitted-authenticators.png" />
</Frame>
