diff --git a/cspell.json b/cspell.json
index 5cc365f37ff12..a25fee56fe73f 100644
--- a/cspell.json
+++ b/cspell.json
@@ -756,6 +756,7 @@
         "Warchoł",
         "WDYR",
         "webapps",
+        "webauthn",
         "webcredentials",
         "webrtc",
         "welldone",
diff --git a/src/CONST/index.ts b/src/CONST/index.ts
index ba2f5a4d872a1..e67ff098d619c 100755
--- a/src/CONST/index.ts
+++ b/src/CONST/index.ts
@@ -7,6 +7,7 @@ import type {ValueOf} from 'type-fest';
 import type {SearchFilterKey} from '@components/Search/types';
 import type ResponsiveLayoutResult from '@hooks/useResponsiveLayout/types';
 import type {MileageRate} from '@libs/DistanceRequestUtils';
+import MULTIFACTOR_AUTHENTICATION_VALUES from '@libs/MultifactorAuthentication/Biometrics/VALUES';
 import addTrailingForwardSlash from '@libs/UrlUtils';
 import variables from '@styles/variables';
 import ONYXKEYS from '@src/ONYXKEYS';
@@ -423,6 +424,8 @@ const CONST = {
         MAX_AGE: 150,
     },
 
+    MULTIFACTOR_AUTHENTICATION: MULTIFACTOR_AUTHENTICATION_VALUES,
+
     DESKTOP_SHORTCUT_ACCELERATOR: {
         PASTE_AND_MATCH_STYLE: 'Option+Shift+CmdOrCtrl+V',
         PASTE_AS_PLAIN_TEXT: 'CmdOrCtrl+Shift+V',
@@ -5501,7 +5504,7 @@ const CONST = {
         DISABLED: 'DISABLED',
         DISABLE: 'DISABLE',
     },
-    MULTIFACTOR_AUTHENTICATION_NOTIFICATION_TYPE: {
+    MULTIFACTOR_AUTHENTICATION_OUTCOME_TYPE: {
         SUCCESS: 'success',
         FAILURE: 'failure',
     },
diff --git a/src/ROUTES.ts b/src/ROUTES.ts
index cfcfe09941dfa..599500c171609 100644
--- a/src/ROUTES.ts
+++ b/src/ROUTES.ts
@@ -3719,11 +3719,11 @@ const ROUTES = {
     MULTIFACTOR_AUTHENTICATION_MAGIC_CODE: `${MULTIFACTOR_AUTHENTICATION_PROTECTED_ROUTES.FACTOR}/magic-code`,
     MULTIFACTOR_AUTHENTICATION_BIOMETRICS_TEST: 'multifactor-authentication/scenario/biometrics-test',
 
-    // The exact notification & prompt type will be added as a part of Multifactor Authentication config in another PR,
+    // The exact outcome & prompt type will be added as a part of Multifactor Authentication config in another PR,
     // for now a string is accepted to avoid blocking this PR.
-    MULTIFACTOR_AUTHENTICATION_NOTIFICATION: {
-        route: 'multifactor-authentication/notification/:notificationType',
-        getRoute: (notificationType: ValueOf<typeof CONST.MULTIFACTOR_AUTHENTICATION_NOTIFICATION_TYPE>) => `multifactor-authentication/notification/${notificationType}` as const,
+    MULTIFACTOR_AUTHENTICATION_OUTCOME: {
+        route: 'multifactor-authentication/outcome/:outcomeType',
+        getRoute: (outcomeType: ValueOf<typeof CONST.MULTIFACTOR_AUTHENTICATION_OUTCOME_TYPE>) => `multifactor-authentication/outcome/${outcomeType}` as const,
     },
 
     MULTIFACTOR_AUTHENTICATION_PROMPT: {
diff --git a/src/SCREENS.ts b/src/SCREENS.ts
index 617ab3c4d9a64..0d6fd09a39d32 100644
--- a/src/SCREENS.ts
+++ b/src/SCREENS.ts
@@ -908,7 +908,7 @@ const SCREENS = {
     MULTIFACTOR_AUTHENTICATION: {
         MAGIC_CODE: 'Multifactor_Authentication_Magic_Code',
         BIOMETRICS_TEST: 'Multifactor_Authentication_Biometrics_Test',
-        NOTIFICATION: 'Multifactor_Authentication_Notification',
+        OUTCOME: 'Multifactor_Authentication_Outcome',
         PROMPT: 'Multifactor_Authentication_Prompt',
         NOT_FOUND: 'Multifactor_Authentication_Not_Found',
     },
diff --git a/src/components/MultifactorAuthentication/config/index.ts b/src/components/MultifactorAuthentication/config/index.ts
new file mode 100644
index 0000000000000..58f3b23f5bed8
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/index.ts
@@ -0,0 +1,12 @@
+/**
+ * Configuration exports for multifactor authentication UI components and scenarios.
+ */
+import mapMultifactorAuthenticationOutcomes from './mapMultifactorAuthenticationOutcomes';
+import MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG from './scenarios';
+
+const MULTIFACTOR_AUTHENTICATION_OUTCOME_MAP = mapMultifactorAuthenticationOutcomes(MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG);
+
+export {MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG, MULTIFACTOR_AUTHENTICATION_OUTCOME_MAP};
+export {default as MULTIFACTOR_AUTHENTICATION_PROMPT_UI} from './scenarios/prompts';
+export {default as MULTIFACTOR_AUTHENTICATION_DEFAULT_UI} from './scenarios/DefaultUserInterface';
+export type {Payloads as MultifactorAuthenticationScenarioPayload} from './scenarios';
diff --git a/src/components/MultifactorAuthentication/config/mapMultifactorAuthenticationOutcomes.ts b/src/components/MultifactorAuthentication/config/mapMultifactorAuthenticationOutcomes.ts
new file mode 100644
index 0000000000000..81d3a9256e527
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/mapMultifactorAuthenticationOutcomes.ts
@@ -0,0 +1,97 @@
+import StringUtils from '@libs/StringUtils';
+import type {
+    MultifactorAuthenticationOutcomeMap,
+    MultifactorAuthenticationOutcomeOptions,
+    MultifactorAuthenticationOutcomeRecord,
+    MultifactorAuthenticationScenario,
+    MultifactorAuthenticationScenarioConfigRecord,
+} from './types';
+
+/**
+ * This utility module provides functions to map multifactor authentication scenario configurations
+ * to an outcome map with kebab-case keys.
+ *
+ * This allows outcome pages to reference the config based on its OutcomeType in url.
+ *
+ * e.g.
+ *
+ * {
+ *     "BIOMETRICS-TEST": {
+ *         // ...
+ *         OUTCOMES: {
+ *             success: {
+ *                 title: "...",
+ *                 // ...
+ *             },
+ *             failure: {
+ *                title: "...",
+ *                 // ...
+ *             },
+ *             // ...
+ *         }
+ *     },
+ *     "AUTHORIZE-TRANSACTION": {
+ *       // ...
+ *     }
+ * }
+ *
+ * is mapped to:
+ *
+ * {
+ *     "biometrics-test-success": {
+ *         title: "...",
+ *         // ...
+ *     },
+ *     "biometrics-test-failure": {
+ *         title: "...",
+ *         // ...
+ *     },
+ *     "authorize-transaction-success": {
+ *         // ...
+ *     }
+ *     // ...
+ * }
+ */
+
+/**
+ * Creates an outcome record from multifactor authentication scenario configuration.
+ * For details refer to the example above.
+ */
+const createOutcomeRecord = (mfaConfig: MultifactorAuthenticationScenarioConfigRecord): MultifactorAuthenticationOutcomeRecord => {
+    const entries = Object.entries({...mfaConfig});
+    return entries.reduce((record, [key, {OUTCOMES}]) => {
+        // eslint-disable-next-line no-param-reassign
+        record[key as MultifactorAuthenticationScenario] = {...OUTCOMES};
+        return record;
+    }, {} as MultifactorAuthenticationOutcomeRecord);
+};
+
+/**
+ * Creates an outcome key by combining scenario and outcome name in kebab-case format.
+ * e.g. a scenario key of "BIOMETRICS-TEST" and outcome name of "success" will produce "biometrics-test-success".
+ */
+const createOutcomeKey = (key: string, name: string) => {
+    const scenarioKebabCase = StringUtils.toLowerCase(key as MultifactorAuthenticationScenario);
+    const outcomeName = StringUtils.camelToKebabCase(name as MultifactorAuthenticationOutcomeOptions);
+
+    return `${scenarioKebabCase}-${outcomeName}` as const;
+};
+
+/**
+ * Maps multifactor authentication scenario configuration to an outcome map with kebab-case keys.
+ */
+const mapMultifactorAuthenticationOutcomes = (mfaConfig: MultifactorAuthenticationScenarioConfigRecord) => {
+    const recordEntries = Object.entries(createOutcomeRecord({...mfaConfig}));
+
+    const outcomes: Partial<MultifactorAuthenticationOutcomeMap> = {};
+
+    for (const [key, config] of recordEntries) {
+        for (const [name, ui] of Object.entries(config)) {
+            outcomes[createOutcomeKey(key, name)] = {...ui};
+        }
+    }
+
+    return outcomes as MultifactorAuthenticationOutcomeMap;
+};
+
+export default mapMultifactorAuthenticationOutcomes;
diff --git a/src/components/MultifactorAuthentication/config/scenarios/BiometricsTest.ts b/src/components/MultifactorAuthentication/config/scenarios/BiometricsTest.ts
new file mode 100644
index 0000000000000..6c9f0f44af50d
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/scenarios/BiometricsTest.ts
@@ -0,0 +1,25 @@
+import type {MultifactorAuthenticationScenarioCustomConfig} from '@components/MultifactorAuthentication/config/types';
+import {troubleshootMultifactorAuthentication} from '@userActions/MultifactorAuthentication';
+import CONST from '@src/CONST';
+import SCREENS from '@src/SCREENS';
+
+/**
+ * Configuration for the biometrics test multifactor authentication scenario.
+ */
+export default {
+    allowedAuthenticationMethods: [CONST.MULTIFACTOR_AUTHENTICATION.TYPE.BIOMETRICS],
+    action: troubleshootMultifactorAuthentication,
+    screen: SCREENS.MULTIFACTOR_AUTHENTICATION.BIOMETRICS_TEST,
+    pure: true,
+    OUTCOMES: {
+        success: {
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsTest',
+        },
+        failure: {
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsTest',
+        },
+        outOfTime: {
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsTest',
+        },
+    },
+} as const satisfies MultifactorAuthenticationScenarioCustomConfig;
diff --git a/src/components/MultifactorAuthentication/config/scenarios/DefaultUserInterface.ts b/src/components/MultifactorAuthentication/config/scenarios/DefaultUserInterface.ts
new file mode 100644
index 0000000000000..2c827de8d53ef
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/scenarios/DefaultUserInterface.ts
@@ -0,0 +1,105 @@
+import type {MultifactorAuthenticationDefaultUIConfig, MultifactorAuthenticationScenarioCustomConfig} from '@components/MultifactorAuthentication/config/types';
+import NoEligibleMethodsDescription from '@components/MultifactorAuthentication/NoEligibleMethodsDescription';
+// Spacing utilities are needed for icon padding configuration in outcomes defaults
+// eslint-disable-next-line no-restricted-imports
+import spacing from '@styles/utils/spacing';
+import variables from '@styles/variables';
+
+/**
+ * Default UI configuration for all multifactor authentication scenarios with modals and outcomes.
+ */
+const DEFAULT_CONFIG = {
+    OUTCOMES: {
+        success: {
+            illustration: 'OpenPadlock',
+            iconWidth: variables.openPadlockWidth,
+            iconHeight: variables.openPadlockHeight,
+            padding: spacing.p2,
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsAuthentication',
+            title: 'multifactorAuthentication.biometricsTest.authenticationSuccessful',
+            description: 'multifactorAuthentication.biometricsTest.successfullyAuthenticatedUsing',
+        },
+        failure: {
+            illustration: 'HumptyDumpty',
+            iconWidth: variables.humptyDumptyWidth,
+            iconHeight: variables.humptyDumptyHeight,
+            padding: spacing.p0,
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsAuthentication',
+            title: 'multifactorAuthentication.oops',
+            description: 'multifactorAuthentication.biometricsTest.yourAttemptWasUnsuccessful',
+        },
+        outOfTime: {
+            illustration: 'RunOutOfTime',
+            iconWidth: variables.runOutOfTimeWidth,
+            iconHeight: variables.runOutOfTimeHeight,
+            padding: spacing.p0,
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsAuthentication',
+            title: 'multifactorAuthentication.youRanOutOfTime',
+            description: 'multifactorAuthentication.looksLikeYouRanOutOfTime',
+        },
+        noEligibleMethods: {
+            illustration: 'HumptyDumpty',
+            iconWidth: variables.humptyDumptyWidth,
+            iconHeight: variables.humptyDumptyHeight,
+            padding: spacing.p0,
+            headerTitle: 'multifactorAuthentication.biometricsTest.biometricsAuthentication',
+            title: 'multifactorAuthentication.biometricsTest.youCouldNotBeAuthenticated',
+            description: 'multifactorAuthentication.biometricsTest.youCouldNotBeAuthenticated',
+            customDescription: NoEligibleMethodsDescription,
+        },
+    },
+    MODALS: {
+        cancelConfirmation: {
+            title: 'common.areYouSure',
+            description: 'multifactorAuthentication.biometricsTest.areYouSureToReject',
+            confirmButtonText: 'multifactorAuthentication.biometricsTest.rejectAuthentication',
+            cancelButtonText: 'common.cancel',
+        },
+    },
+    nativePromptTitle: 'multifactorAuthentication.letsVerifyItsYou',
+} as const satisfies MultifactorAuthenticationDefaultUIConfig;
+
+/**
+ * Merges custom scenario configuration with default UI configuration for modals and outcomes.
+ */
+function customConfig<const T extends MultifactorAuthenticationScenarioCustomConfig<never>>(config: T) {
+    const MODALS = {
+        ...DEFAULT_CONFIG.MODALS,
+        ...config.MODALS,
+        cancelConfirmation: {
+            ...DEFAULT_CONFIG.MODALS.cancelConfirmation,
+            ...config.MODALS?.cancelConfirmation,
+        },
+    } as const;
+
+    const OUTCOMES = {
+        ...DEFAULT_CONFIG.OUTCOMES,
+        ...config.OUTCOMES,
+        success: {
+            ...DEFAULT_CONFIG.OUTCOMES.success,
+            ...config.OUTCOMES?.success,
+        },
+        failure: {
+            ...DEFAULT_CONFIG.OUTCOMES.failure,
+            ...config.OUTCOMES?.failure,
+        },
+        outOfTime: {
+            ...DEFAULT_CONFIG.OUTCOMES.outOfTime,
+            ...config.OUTCOMES?.outOfTime,
+        },
+        noEligibleMethods: {
+            ...DEFAULT_CONFIG.OUTCOMES.noEligibleMethods,
+            ...config.OUTCOMES?.noEligibleMethods,
+        },
+    } as const;
+
+    return {
+        ...DEFAULT_CONFIG,
+        ...config,
+        MODALS,
+        OUTCOMES,
+    } as const;
+}
+
+export default DEFAULT_CONFIG;
+export {customConfig};
diff --git a/src/components/MultifactorAuthentication/config/scenarios/index.ts b/src/components/MultifactorAuthentication/config/scenarios/index.ts
new file mode 100644
index 0000000000000..b89521d273681
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/scenarios/index.ts
@@ -0,0 +1,28 @@
+import type {EmptyObject} from 'type-fest';
+import type {MultifactorAuthenticationScenarioConfigRecord} from '@components/MultifactorAuthentication/config/types';
+import CONST from '@src/CONST';
+import BiometricsTest from './BiometricsTest';
+import {customConfig} from './DefaultUserInterface';
+
+/**
+ * Payload types for multifactor authentication scenarios.
+ * Since the BiometricsTest does not require any payload, it is an empty object for now.
+ * The AuthorizeTransaction Scenario will change it, as it needs the transactionID to be provided as well.
+ *
+ * {
+ *     "AUTHORIZE-TRANSACTION": {
+ *         transactionID: string;
+ *     }
+ * }
+ */
+type Payloads = EmptyObject;
+
+/**
+ * Configuration records for all multifactor authentication scenarios.
+ */
+const Configs = {
+    [CONST.MULTIFACTOR_AUTHENTICATION.SCENARIO.BIOMETRICS_TEST]: customConfig(BiometricsTest),
+} as const satisfies MultifactorAuthenticationScenarioConfigRecord;
+
+export default Configs;
+export type {Payloads};
diff --git a/src/components/MultifactorAuthentication/config/scenarios/names.ts b/src/components/MultifactorAuthentication/config/scenarios/names.ts
new file mode 100644
index 0000000000000..c305a7313369c
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/scenarios/names.ts
@@ -0,0 +1,20 @@
+/**
+ * Multifactor authentication scenario names.
+ *
+ * The names need to be a kebab-case string to satisfy the requirements of the URL schema.
+ * Moreover, they are exported to a separate file to avoid circular dependencies
+ * as the Multifactor Authentication configs imports SCREENS, actions, and other shared modules,
+ * and at the same time the config is imported in the CONSTs.
+ */
+const SCENARIO_NAMES = {
+    BIOMETRICS_TEST: 'BIOMETRICS-TEST',
+} as const;
+
+/**
+ * Prompt identifiers for multifactor authentication scenarios.
+ */
+const PROMPT_NAMES = {
+    ENABLE_BIOMETRICS: 'enable-biometrics',
+};
+
+export {SCENARIO_NAMES, PROMPT_NAMES};
diff --git a/src/components/MultifactorAuthentication/config/scenarios/prompts.ts b/src/components/MultifactorAuthentication/config/scenarios/prompts.ts
new file mode 100644
index 0000000000000..729cf39b88d45
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/scenarios/prompts.ts
@@ -0,0 +1,15 @@
+import LottieAnimations from '@components/LottieAnimations';
+import type {MultifactorAuthenticationPrompt} from '@components/MultifactorAuthentication/config/types';
+import VALUES from '@libs/MultifactorAuthentication/Biometrics/VALUES';
+
+/**
+ * Configuration for multifactor authentication prompt UI with animations and translations.
+ * Exported to a separate file to avoid circular dependencies.
+ */
+export default {
+    [VALUES.PROMPT.ENABLE_BIOMETRICS]: {
+        animation: LottieAnimations.Fingerprint,
+        title: 'multifactorAuthentication.verifyYourself.biometrics',
+        subtitle: 'multifactorAuthentication.enableQuickVerification.biometrics',
+    },
+} as const satisfies MultifactorAuthenticationPrompt;
diff --git a/src/components/MultifactorAuthentication/config/types.ts b/src/components/MultifactorAuthentication/config/types.ts
new file mode 100644
index 0000000000000..6e17c121c1a0f
--- /dev/null
+++ b/src/components/MultifactorAuthentication/config/types.ts
@@ -0,0 +1,267 @@
+/**
+ * Configuration types for multifactor authentication UI and scenarios.
+ */
+import type {ViewStyle} from 'react-native';
+import type {EmptyObject, KebabCase, Replace, ValueOf} from 'type-fest';
+import type {IllustrationName} from '@components/Icon/chunks/illustrations.chunk';
+import type DotLottieAnimation from '@components/LottieAnimations/types';
+import type {
+    AllMultifactorAuthenticationFactors,
+    MultifactorAuthenticationActionParams,
+    MultifactorAuthenticationKeyInfo,
+    MultifactorAuthenticationReason,
+} from '@libs/MultifactorAuthentication/Biometrics/types';
+import type CONST from '@src/CONST';
+import type {TranslationPaths} from '@src/languages/types';
+import type SCREENS from '@src/SCREENS';
+import type {MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG, MultifactorAuthenticationScenarioPayload} from './index';
+
+/**
+ * Configuration for cancel confirmation modal in multifactor authentication.
+ */
+type MultifactorAuthenticationCancelConfirm = {
+    description?: TranslationPaths;
+    cancelButtonText?: TranslationPaths;
+    confirmButtonText?: TranslationPaths;
+    title?: TranslationPaths;
+};
+
+/**
+ * Configuration for multifactor authentication prompt display with animation and translations.
+ */
+type MultifactorAuthenticationPromptConfig = {
+    animation: DotLottieAnimation;
+    title: TranslationPaths;
+    subtitle: TranslationPaths;
+};
+
+/**
+ * Configuration for displaying multifactor authentication outcomes with illustrations and text.
+ */
+type MultifactorAuthenticationOutcomeConfig = {
+    illustration: IllustrationName;
+    iconWidth: number;
+    iconHeight: number;
+    padding: ViewStyle;
+    headerTitle: TranslationPaths;
+    title: TranslationPaths;
+    description: TranslationPaths;
+    customDescription?: React.FunctionComponent;
+};
+
+/**
+ * Collection of prompts keyed by prompt identifier.
+ */
+type MultifactorAuthenticationPrompt = Record<string, MultifactorAuthenticationPromptConfig>;
+
+/**
+ * Collection of outcomes keyed by an outcome type.
+ */
+type MultifactorAuthenticationOutcome = Record<string, MultifactorAuthenticationOutcomeConfig>;
+
+/**
+ * Configuration for modals in multifactor authentication flows.
+ */
+type MultifactorAuthenticationModal = {
+    cancelConfirmation: MultifactorAuthenticationCancelConfirm;
+};
+
+/**
+ * Override configuration for modals with partial properties.
+ * This allows customization of specific modal aspects without redefining the entire structure.
+ * e.g. "Authentication attempt" in the cancel confirmation modal can be changed to "Transaction approval".
+ */
+type MultifactorAuthenticationModalOptional = {
+    cancelConfirmation?: Partial<MultifactorAuthenticationCancelConfirm>;
+};
+
+/**
+ * Optional outcome configuration with partial properties for scenario overrides.
+ */
+type MultifactorAuthenticationOutcomeOptional = Record<string, Partial<MultifactorAuthenticationOutcomeConfig>>;
+
+/**
+ * Type representation of the scenario configuration constant.
+ */
+type MultifactorAuthenticationConfigRecordConst = typeof MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG;
+
+/**
+ * Maps each scenario to its outcomes configuration type.
+ */
+type MultifactorAuthenticationScenarioOutcomeConst = {
+    [K in MultifactorAuthenticationScenario]: MultifactorAuthenticationConfigRecordConst[K]['OUTCOMES'];
+};
+
+/**
+ * Available outcome options for each scenario.
+ */
+type MultifactorAuthenticationOutcomeScenarioOptions = {
+    [K in MultifactorAuthenticationScenario]: keyof MultifactorAuthenticationScenarioOutcomeConst[K];
+};
+
+/**
+ * Maps scenarios to their outcome configurations.
+ */
+type MultifactorAuthenticationOutcomeRecord = Record<MultifactorAuthenticationScenario, MultifactorAuthenticationOutcome>;
+
+/**
+ * Constructs a kebab-case outcome type string from scenario and outcome name.
+ */
+type MultifactorAuthenticationOutcomeType<T extends MultifactorAuthenticationScenario> = `${Lowercase<T>}-${KebabCase<MultifactorAuthenticationOutcomeScenarioOptions[T]>}`;
+
+type MultifactorAuthenticationUI = {
+    MODALS: MultifactorAuthenticationModal;
+    OUTCOMES: MultifactorAuthenticationOutcome;
+};
+
+/**
+ * All possible outcome types key across all scenarios.
+ */
+type AllMultifactorAuthenticationOutcomeType = MultifactorAuthenticationOutcomeType<MultifactorAuthenticationScenario>;
+
+/**
+ * Maps all outcome type keys to their configurations.
+ */
+type MultifactorAuthenticationOutcomeMap = Record<AllMultifactorAuthenticationOutcomeType, MultifactorAuthenticationOutcomeConfig>;
+
+/**
+ * All available outcome options across scenarios.
+ */
+type MultifactorAuthenticationOutcomeOptions = keyof MultifactorAuthenticationScenarioOutcomeConst[MultifactorAuthenticationScenario];
+
+/**
+ * Outcome type suffixes for a specific scenario (removes the scenario prefix).
+ */
+type MultifactorAuthenticationOutcomeSuffixes<T extends MultifactorAuthenticationScenario> = Replace<AllMultifactorAuthenticationOutcomeType, `${Lowercase<T>}-`, ''>;
+
+/**
+ * Response from a multifactor authentication scenario action.
+ */
+type MultifactorAuthenticationScenarioResponse = {
+    httpCode: number;
+    reason: MultifactorAuthenticationReason;
+};
+
+/**
+ * Multifactor authentication screen identifiers.
+ */
+type MultifactorAuthenticationScreen = ValueOf<typeof SCREENS.MULTIFACTOR_AUTHENTICATION>;
+
+/**
+ * Pure function type for scenario actions that return HTTP response and reason.
+ */
+type MultifactorAuthenticationScenarioPureMethod<T extends Record<string, unknown>> = (
+    params: MultifactorAuthenticationActionParams<T, 'signedChallenge'>,
+) => Promise<MultifactorAuthenticationScenarioResponse>;
+
+/**
+ * Complete scenario configuration including action, UI, and metadata.
+ */
+type MultifactorAuthenticationScenarioConfig<T extends Record<string, unknown> = EmptyObject> = {
+    action: MultifactorAuthenticationScenarioPureMethod<T>;
+    allowedAuthenticationMethods: Array<ValueOf<typeof CONST.MULTIFACTOR_AUTHENTICATION.TYPE>>;
+    screen: MultifactorAuthenticationScreen;
+
+    /**
+     * Whether the scenario does not require any additional parameters except for the native biometrics data.
+     * If it is the case, the scenario needs to be defined as such
+     * so the absence of payload will be tolerated at the run-time.
+     */
+    pure?: true;
+    nativePromptTitle: TranslationPaths;
+} & MultifactorAuthenticationUI;
+
+/**
+ * Scenario configuration for custom scenarios with optional overrides.
+ */
+type MultifactorAuthenticationScenarioCustomConfig<T extends Record<string, unknown> = EmptyObject> = Omit<
+    MultifactorAuthenticationScenarioConfig<T>,
+    'MODALS' | 'OUTCOMES' | 'nativePromptTitle'
+> & {
+    nativePromptTitle?: TranslationPaths;
+    MODALS?: MultifactorAuthenticationModalOptional;
+    OUTCOMES: MultifactorAuthenticationOutcomeOptional;
+};
+
+/**
+ * Default UI configuration shared across scenarios.
+ */
+type MultifactorAuthenticationDefaultUIConfig = Pick<MultifactorAuthenticationScenarioConfig, 'nativePromptTitle' | 'MODALS' | 'OUTCOMES'>;
+
+/**
+ * Record mapping all scenarios to their configurations.
+ */
+type MultifactorAuthenticationScenarioConfigRecord = Record<MultifactorAuthenticationScenario, MultifactorAuthenticationScenarioConfig<never>>;
+
+/**
+ * Additional parameters specific to a scenario.
+ */
+type MultifactorAuthenticationScenarioAdditionalParams<T extends MultifactorAuthenticationScenario> = T extends keyof MultifactorAuthenticationScenarioPayload
+    ? MultifactorAuthenticationScenarioPayload[T]
+    : EmptyObject;
+
+/**
+ * Optional authentication factors with scenario-specific parameters.
+ */
+type MultifactorAuthenticationScenarioParams<T extends MultifactorAuthenticationScenario> = Partial<AllMultifactorAuthenticationFactors> &
+    MultifactorAuthenticationScenarioAdditionalParams<T>;
+
+/**
+ * All required authentication factors with scenario-specific parameters.
+ */
+type MultifactorAuthenticationProcessScenarioParameters<T extends MultifactorAuthenticationScenario> = AllMultifactorAuthenticationFactors &
+    MultifactorAuthenticationScenarioAdditionalParams<T>;
+
+/**
+ * Scenario response with success status indicator.
+ */
+type MultifactorAuthenticationScenarioResponseWithSuccess = {
+    httpCode: number | undefined;
+    successful: boolean;
+};
+
+/**
+ * Parameters required for biometrics registration scenario.
+ */
+type RegisterBiometricsParams = MultifactorAuthenticationActionParams<
+    {
+        keyInfo: MultifactorAuthenticationKeyInfo<'biometric'>;
+    },
+    'validateCode'
+>;
+
+/**
+ * Type-safe parameters for each multifactor authentication scenario.
+ */
+type MultifactorAuthenticationScenarioParameters = {
+    [key in MultifactorAuthenticationScenario]: MultifactorAuthenticationActionParams<
+        key extends keyof MultifactorAuthenticationScenarioPayload ? MultifactorAuthenticationScenarioPayload[key] : EmptyObject,
+        'signedChallenge'
+    >;
+} & {
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    'REGISTER-BIOMETRICS': RegisterBiometricsParams;
+};
+
+/**
+ * Identifier for different multifactor authentication scenarios.
+ */
+type MultifactorAuthenticationScenario = ValueOf<typeof CONST.MULTIFACTOR_AUTHENTICATION.SCENARIO>;
+
+export type {
+    MultifactorAuthenticationPrompt,
+    MultifactorAuthenticationOutcomeRecord,
+    MultifactorAuthenticationOutcomeMap,
+    MultifactorAuthenticationScenarioResponseWithSuccess,
+    MultifactorAuthenticationScenarioAdditionalParams,
+    MultifactorAuthenticationScenarioParameters,
+    MultifactorAuthenticationScenario,
+    MultifactorAuthenticationOutcomeOptions,
+    MultifactorAuthenticationScenarioParams,
+    MultifactorAuthenticationScenarioConfig,
+    MultifactorAuthenticationScenarioConfigRecord,
+    MultifactorAuthenticationProcessScenarioParameters,
+    MultifactorAuthenticationDefaultUIConfig,
+    MultifactorAuthenticationOutcomeSuffixes,
+    MultifactorAuthenticationScenarioCustomConfig,
+};
diff --git a/src/components/MultifactorAuthentication/types.ts b/src/components/MultifactorAuthentication/types.ts
new file mode 100644
index 0000000000000..4130f888c0d3e
--- /dev/null
+++ b/src/components/MultifactorAuthentication/types.ts
@@ -0,0 +1,13 @@
+/**
+ * Type definitions for multifactor authentication components.
+ */
+import type {ValueOf} from 'type-fest';
+import type {SECURE_STORE_VALUES} from '@libs/MultifactorAuthentication/Biometrics/SecureStore';
+
+/**
+ * Authentication type name derived from secure store values.
+ */
+type AuthTypeName = ValueOf<typeof SECURE_STORE_VALUES.AUTH_TYPE>['NAME'];
+
+// eslint-disable-next-line import/prefer-default-export
+export type {AuthTypeName};
diff --git a/src/components/TestToolMenu.tsx b/src/components/TestToolMenu.tsx
index f4f83bfab0008..eadc8f7d0989d 100644
--- a/src/components/TestToolMenu.tsx
+++ b/src/components/TestToolMenu.tsx
@@ -22,6 +22,9 @@ import TestCrash from './TestCrash';
 import TestToolRow from './TestToolRow';
 import Text from './Text';
 
+// Temporary hardcoded value until MultifactorAuthenticationContext is implemented
+const TEMP_BIOMETRICS_REGISTERED_STATUS = false;
+
 function TestToolMenu() {
     const [network] = useOnyx(ONYXKEYS.NETWORK, {canBeMissing: true});
     const [isUsingImportedState] = useOnyx(ONYXKEYS.IS_USING_IMPORTED_STATE, {canBeMissing: true});
@@ -33,6 +36,11 @@ function TestToolMenu() {
 
     const {singleExecution} = useSingleExecution();
     const waitForNavigate = useWaitForNavigation();
+
+    /**
+     * The wrapper is needed to prevent rapid double‑taps on native from triggering multiple navigations.
+     * Context: https://github.com/Expensify/App/pull/79475#discussion_r2708230681
+     */
     const navigateToBiometricsTestPage = singleExecution(
         waitForNavigate(() => {
             Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_BIOMETRICS_TEST);
@@ -43,7 +51,7 @@ function TestToolMenu() {
     const isAuthenticated = useIsAuthenticated();
 
     // Temporary hardcoded false, expected behavior: status fetched from the MultifactorAuthenticationContext
-    const biometricsTitle = translate('multifactorAuthentication.biometricsTest.troubleshootBiometricsStatus', {registered: false});
+    const biometricsTitle = translate('multifactorAuthentication.biometricsTest.troubleshootBiometricsStatus', {registered: TEMP_BIOMETRICS_REGISTERED_STATUS});
 
     return (
         <>
@@ -100,7 +108,7 @@ function TestToolMenu() {
                         />
                     </TestToolRow>
 
-                    {/* Allows you to test the Biometrics flow */}
+                    {/* Allows testing the biometric multifactor authentication flow */}
                     <TestToolRow title={biometricsTitle}>
                         <View style={[styles.flexRow, styles.gap2]}>
                             <Button
diff --git a/src/languages/params.ts b/src/languages/params.ts
index 8315e3025da7b..82296d24a9879 100644
--- a/src/languages/params.ts
+++ b/src/languages/params.ts
@@ -1,4 +1,5 @@
 import type {ValueOf} from 'type-fest';
+import type {AuthTypeName} from '@components/MultifactorAuthentication/types';
 import type CONST from '@src/CONST';
 import type {OnyxInputOrEntry, ReportAction} from '@src/types/onyx';
 import type {DelegateRole} from '@src/types/onyx/Account';
@@ -6,7 +7,7 @@ import type {AllConnectionName, ConnectionName, PolicyConnectionSyncStage, SageI
 import type {ViolationDataType} from '@src/types/onyx/TransactionViolation';
 
 type MultifactorAuthenticationTranslationParams = {
-    authType?: string;
+    authType?: AuthTypeName;
     registered?: boolean;
 };
 
diff --git a/src/libs/API/parameters/RegisterAuthenticationKeyParams.ts b/src/libs/API/parameters/RegisterAuthenticationKeyParams.ts
new file mode 100644
index 0000000000000..7bf85d9844394
--- /dev/null
+++ b/src/libs/API/parameters/RegisterAuthenticationKeyParams.ts
@@ -0,0 +1,5 @@
+import type {MultifactorAuthenticationScenarioParameters} from '@components/MultifactorAuthentication/config/types';
+
+type RegisterAuthenticationKeyParams = MultifactorAuthenticationScenarioParameters['REGISTER-BIOMETRICS'];
+
+export default RegisterAuthenticationKeyParams;
diff --git a/src/libs/API/parameters/RequestAuthenticationChallengeParams.ts b/src/libs/API/parameters/RequestAuthenticationChallengeParams.ts
new file mode 100644
index 0000000000000..a11a0f9f1ea30
--- /dev/null
+++ b/src/libs/API/parameters/RequestAuthenticationChallengeParams.ts
@@ -0,0 +1,8 @@
+import type {ChallengeType} from '@libs/MultifactorAuthentication/Biometrics/types';
+
+type RequestAuthenticationChallengeParams = {
+    /** Challenge type: 'authentication' for signing existing keys, 'registration' for new key registration */
+    challengeType: ChallengeType;
+};
+
+export default RequestAuthenticationChallengeParams;
diff --git a/src/libs/API/parameters/TroubleshootMultifactorAuthenticationParams.ts b/src/libs/API/parameters/TroubleshootMultifactorAuthenticationParams.ts
new file mode 100644
index 0000000000000..86434a2072f87
--- /dev/null
+++ b/src/libs/API/parameters/TroubleshootMultifactorAuthenticationParams.ts
@@ -0,0 +1,5 @@
+import type {MultifactorAuthenticationScenarioParameters} from '@components/MultifactorAuthentication/config/types';
+
+type TroubleshootMultifactorAuthenticationParams = MultifactorAuthenticationScenarioParameters['BIOMETRICS-TEST'];
+
+export default TroubleshootMultifactorAuthenticationParams;
diff --git a/src/libs/API/parameters/index.ts b/src/libs/API/parameters/index.ts
index 13cfd31718221..99d03d7a1bc81 100644
--- a/src/libs/API/parameters/index.ts
+++ b/src/libs/API/parameters/index.ts
@@ -463,3 +463,6 @@ export type {default as ToggleConsolidatedDomainBillingParams} from './ToggleCon
 export type {default as RemoveDomainAdminParams} from './RemoveDomainAdminParams';
 export type {default as DeleteDomainParams} from './DeleteDomainParams';
 export type {default as GetDuplicateTransactionDetailsParams} from './GetDuplicateTransactionDetailsParams';
+export type {default as RegisterAuthenticationKeyParams} from './RegisterAuthenticationKeyParams';
+export type {default as TroubleshootMultifactorAuthenticationParams} from './TroubleshootMultifactorAuthenticationParams';
+export type {default as RequestAuthenticationChallengeParams} from './RequestAuthenticationChallengeParams';
diff --git a/src/libs/API/types.ts b/src/libs/API/types.ts
index a4f0123a3d7d5..52698a4ab3836 100644
--- a/src/libs/API/types.ts
+++ b/src/libs/API/types.ts
@@ -1295,6 +1295,10 @@ const SIDE_EFFECT_REQUEST_COMMANDS = {
 
     ACCEPT_SPOTNANA_TERMS: 'AcceptSpotnanaTerms',
     COMPLETE_GUIDED_SETUP: 'CompleteGuidedSetup',
+
+    REGISTER_AUTHENTICATION_KEY: 'RegisterAuthenticationKey',
+    TROUBLESHOOT_MULTIFACTOR_AUTHENTICATION: 'TroubleshootMultifactorAuthentication',
+    REQUEST_AUTHENTICATION_CHALLENGE: 'RequestAuthenticationChallenge',
 } as const;
 
 type SideEffectRequestCommand = ValueOf<typeof SIDE_EFFECT_REQUEST_COMMANDS>;
@@ -1324,6 +1328,9 @@ type SideEffectRequestCommandParameters = {
     [SIDE_EFFECT_REQUEST_COMMANDS.ACCEPT_SPOTNANA_TERMS]: Parameters.AcceptSpotnanaTermsParams;
     [SIDE_EFFECT_REQUEST_COMMANDS.GET_SCIM_TOKEN]: Parameters.GetScimTokenParams;
     [SIDE_EFFECT_REQUEST_COMMANDS.COMPLETE_GUIDED_SETUP]: Parameters.CompleteGuidedSetupParams;
+    [SIDE_EFFECT_REQUEST_COMMANDS.REGISTER_AUTHENTICATION_KEY]: Parameters.RegisterAuthenticationKeyParams;
+    [SIDE_EFFECT_REQUEST_COMMANDS.TROUBLESHOOT_MULTIFACTOR_AUTHENTICATION]: Parameters.TroubleshootMultifactorAuthenticationParams;
+    [SIDE_EFFECT_REQUEST_COMMANDS.REQUEST_AUTHENTICATION_CHALLENGE]: Parameters.RequestAuthenticationChallengeParams;
 };
 
 type ApiRequestCommandParameters = WriteCommandParameters & ReadCommandParameters & SideEffectRequestCommandParameters;
diff --git a/src/libs/MultifactorAuthentication/Biometrics/Challenge.ts b/src/libs/MultifactorAuthentication/Biometrics/Challenge.ts
new file mode 100644
index 0000000000000..72b60ef198590
--- /dev/null
+++ b/src/libs/MultifactorAuthentication/Biometrics/Challenge.ts
@@ -0,0 +1,120 @@
+/**
+ * Manages the multifactor authentication challenge flow including requesting, signing, and sending challenges.
+ */
+import type {MultifactorAuthenticationScenario, MultifactorAuthenticationScenarioAdditionalParams} from '@components/MultifactorAuthentication/config/types';
+import {requestAuthenticationChallenge} from '@libs/actions/MultifactorAuthentication';
+import {signToken as signTokenED25519} from './ED25519';
+import type {MultifactorAuthenticationChallengeObject, SignedChallenge} from './ED25519/types';
+import {isChallengeSigned, processScenario} from './helpers';
+import {PrivateKeyStore, PublicKeyStore} from './KeyStore';
+import type {ChallengeType, MultifactorAuthenticationMethodCode, MultifactorAuthenticationPartialStatus, MultifactorAuthenticationReason, MultifactorKeyStoreOptions} from './types';
+import VALUES from './VALUES';
+
+/**
+ * Handles the complete lifecycle of a multifactor authentication challenge for a specific scenario.
+ * Manages requesting challenges from the server, signing them with the private key, and sending signed challenges back.
+ */
+class MultifactorAuthenticationChallenge<T extends MultifactorAuthenticationScenario> {
+    private challenge: MultifactorAuthenticationChallengeObject | SignedChallenge | undefined = undefined;
+
+    private authenticationMethod: MultifactorAuthenticationMethodCode | undefined = undefined;
+
+    private publicKeys: string[] = [];
+
+    constructor(
+        private readonly scenario: T,
+        private readonly params: MultifactorAuthenticationScenarioAdditionalParams<T>,
+        private readonly options: MultifactorKeyStoreOptions<typeof VALUES.KEY_ALIASES.PRIVATE_KEY>,
+        private readonly challengeType: ChallengeType = 'authentication',
+    ) {}
+
+    /**
+     * Creates an error return value with the given reason.
+     */
+    private createErrorReturnValue(reasonKey: MultifactorAuthenticationReason): MultifactorAuthenticationPartialStatus<boolean, true> {
+        return {value: false, reason: reasonKey};
+    }
+
+    /**
+     * Requests a new authentication challenge from the server and stores public keys.
+     */
+    public async request(): Promise<MultifactorAuthenticationPartialStatus<boolean, true>> {
+        const {challenge, publicKeys: authPublicKeys, reason: apiReason} = await requestAuthenticationChallenge(this.challengeType);
+        this.publicKeys = authPublicKeys ?? [];
+
+        const reason = apiReason === VALUES.REASON.BACKEND.UNKNOWN_RESPONSE ? VALUES.REASON.CHALLENGE.COULD_NOT_RETRIEVE_A_CHALLENGE : apiReason;
+
+        this.challenge = challenge;
+
+        return {reason: challenge ? VALUES.REASON.CHALLENGE.CHALLENGE_RECEIVED : reason, value: true};
+    }
+
+    /**
+     * Checks if the secure store contains a public key known to the server. If so, a challenge is signed using that key.
+     */
+    public async sign(
+        accountID: number,
+        chainedPrivateKeyStatus?: MultifactorAuthenticationPartialStatus<string | null, true>,
+    ): Promise<MultifactorAuthenticationPartialStatus<boolean, true>> {
+        if (!this.challenge) {
+            return this.createErrorReturnValue(VALUES.REASON.CHALLENGE.CHALLENGE_MISSING);
+        }
+
+        if (isChallengeSigned(this.challenge)) {
+            return this.createErrorReturnValue(VALUES.REASON.CHALLENGE.CHALLENGE_ALREADY_SIGNED);
+        }
+
+        const {value, type, reason} = chainedPrivateKeyStatus?.value ? chainedPrivateKeyStatus : await PrivateKeyStore.get(accountID, this.options);
+
+        if (!value) {
+            return this.createErrorReturnValue(reason || VALUES.REASON.KEYSTORE.KEY_MISSING);
+        }
+
+        const {value: publicKey} = await PublicKeyStore.get(accountID);
+
+        if (!publicKey || !this.publicKeys.includes(publicKey)) {
+            await Promise.all([PrivateKeyStore.delete(accountID), PublicKeyStore.delete(accountID)]);
+            return this.createErrorReturnValue(VALUES.REASON.KEYSTORE.REGISTRATION_REQUIRED);
+        }
+
+        this.challenge = signTokenED25519(this.challenge, value, publicKey);
+        this.authenticationMethod = type;
+
+        return {value: true, reason: VALUES.REASON.CHALLENGE.CHALLENGE_SIGNED, type};
+    }
+
+    /**
+     * Sends the signed challenge to the server for the specific scenario.
+     */
+    public async send(): Promise<MultifactorAuthenticationPartialStatus<boolean, true>> {
+        if (!this.challenge || !isChallengeSigned(this.challenge)) {
+            return this.createErrorReturnValue(VALUES.REASON.GENERIC.SIGNATURE_MISSING);
+        }
+
+        const authorizationResult = processScenario(
+            this.scenario,
+            {
+                ...this.params,
+                signedChallenge: this.challenge,
+            },
+            VALUES.FACTOR_COMBINATIONS.BIOMETRICS_AUTHENTICATION,
+        );
+
+        const {
+            reason,
+            step: {wasRecentStepSuccessful, isRequestFulfilled},
+        } = await authorizationResult;
+
+        if (!wasRecentStepSuccessful || !isRequestFulfilled) {
+            return this.createErrorReturnValue(reason === VALUES.REASON.BACKEND.UNKNOWN_RESPONSE ? VALUES.REASON.GENERIC.SIGNATURE_INVALID : reason);
+        }
+
+        return {
+            value: true,
+            reason: VALUES.REASON.BACKEND.AUTHORIZATION_SUCCESSFUL,
+            type: this.authenticationMethod,
+        };
+    }
+}
+
+export default MultifactorAuthenticationChallenge;
diff --git a/src/libs/MultifactorAuthentication/Biometrics/ED25519/index.ts b/src/libs/MultifactorAuthentication/Biometrics/ED25519/index.ts
index f5ba93e3e18a4..88fe959bdccf4 100644
--- a/src/libs/MultifactorAuthentication/Biometrics/ED25519/index.ts
+++ b/src/libs/MultifactorAuthentication/Biometrics/ED25519/index.ts
@@ -109,13 +109,22 @@ function createAuthenticatorData(rpId: string): Bytes {
 
 /**
  * Signs a multifactor authentication challenge for the given account identifier and key.
- * Returns a WebAuthn-compatible signed challenge structure.
+ * Returns a WebAuthn-compatible signed challenge structure using ED25519.
+ *
+ * @param credentialRequestOptions Challenge object from server (must be AuthenticationChallenge format)
+ * @param privateKey ED25519 private key in hex format
+ * @param publicKey ED25519 public key in base64url format (used as rawId)
+ * @returns SignedChallenge with ED25519 signature
  */
-function signToken(credentialRequestOptions: MultifactorAuthenticationChallengeObject, privateKey: string): SignedChallenge {
-    const rawId: Base64URLString = Base64URL.encode(VALUES.KEY_ALIASES.PUBLIC_KEY);
-    const type = VALUES.ED25519_TYPE;
+function signToken(credentialRequestOptions: MultifactorAuthenticationChallengeObject, privateKey: string, publicKey: Base64URLString): SignedChallenge {
+    // rawId should be the base64url-encoded public key, serving as credential identifier
+    const rawId: Base64URLString = publicKey;
+    const type = VALUES.ED25519_TYPE; // "biometric"
+
+    // Extract rpId from challenge - handle both authentication and registration formats
+    const rpId = 'rpId' in credentialRequestOptions ? credentialRequestOptions.rpId : credentialRequestOptions.rp.id;
 
-    const authenticatorDataBytes = createAuthenticatorData(credentialRequestOptions.rpId);
+    const authenticatorDataBytes = createAuthenticatorData(rpId);
     const authenticatorData: Base64URLString = Base64URL.encode(authenticatorDataBytes);
 
     const clientDataJSON = JSON.stringify({challenge: credentialRequestOptions.challenge});
diff --git a/src/libs/MultifactorAuthentication/Biometrics/ED25519/types.ts b/src/libs/MultifactorAuthentication/Biometrics/ED25519/types.ts
index ec3e65af97df5..6cfe08509a9ac 100644
--- a/src/libs/MultifactorAuthentication/Biometrics/ED25519/types.ts
+++ b/src/libs/MultifactorAuthentication/Biometrics/ED25519/types.ts
@@ -6,7 +6,8 @@ import type {Base64URLString} from '@src/utils/Base64URL';
 type ChallengeFlags = number;
 
 /**
- * Signed multifactor authentication challenge matching the WebAuthn response shape.
+ * Signed multifactor authentication challenge for biometric authentication.
+ * Uses ED25519 signature format with authenticatorData and signature.
  */
 type SignedChallenge = {
     rawId: Base64URLString;
@@ -19,21 +20,45 @@ type SignedChallenge = {
 };
 
 /**
- * Challenge parameters required to initiate a multifactor authentication request.
+ * Registration challenge for biometric key registration.
+ * Full WebAuthn format that specifies allowed credential types.
+ * Per spec: When registering a new biometric key, webauthn specification requires a challenge be supplied to sign the newly generated key.
  */
-type MultifactorAuthenticationChallengeObject = {
+type RegistrationChallenge = {
     challenge: string;
+    rp: {id: string};
+    user: {
+        id: string;
+        displayName: string;
+    };
+    pubKeyCredParams: Array<{
+        type: string;
+        alg: number;
+    }>;
+    timeout: number;
+};
 
-    rpId: string;
+/**
+ * Challenge object can be either authentication or registration format.
+ * The backend sends different structures depending on the challengeType parameter.
+ */
+type MultifactorAuthenticationChallengeObject = AuthenticationChallenge | RegistrationChallenge;
 
+/**
+ * Authentication challenge for biometric authentication flow.
+ * This is a simplified nonce-based challenge used for ED25519 biometric signing.
+ * Per spec: Used when a MultifactorAuthenticationCommand requires public-key authentication.
+ */
+type AuthenticationChallenge = {
+    challenge: string;
+    rpId: string;
     allowCredentials: Array<{
         type: string;
         id: string;
     }>;
-
     userVerification: string;
-
     timeout: number;
+    expires?: string;
 };
 
-export type {MultifactorAuthenticationChallengeObject, ChallengeFlags, SignedChallenge};
+export type {MultifactorAuthenticationChallengeObject, ChallengeFlags, SignedChallenge, AuthenticationChallenge, RegistrationChallenge};
diff --git a/src/libs/MultifactorAuthentication/Biometrics/KeyStore.ts b/src/libs/MultifactorAuthentication/Biometrics/KeyStore.ts
new file mode 100644
index 0000000000000..7082388ad3ac7
--- /dev/null
+++ b/src/libs/MultifactorAuthentication/Biometrics/KeyStore.ts
@@ -0,0 +1,122 @@
+/**
+ * Manages secure storage and retrieval of cryptographic keys for multifactor authentication.
+ */
+import {decodeExpoMessage} from './helpers';
+import {SECURE_STORE_METHODS, SECURE_STORE_VALUES} from './SecureStore';
+import type {SecureStoreOptions} from './SecureStore';
+import type {MultifactorAuthenticationKeyType, MultifactorAuthenticationPartialStatus, MultifactorKeyStoreOptions} from './types';
+import VALUES from './VALUES';
+
+/**
+ * Static options for secure store operations.
+ */
+const STATIC_OPTIONS = {
+    keychainService: VALUES.KEYCHAIN_SERVICE,
+    keychainAccessible: SECURE_STORE_VALUES.WHEN_PASSCODE_SET_THIS_DEVICE_ONLY,
+    enableDeviceFallback: true,
+    returnUsedAuthenticationType: true,
+} as const;
+
+/**
+ * Configures secure store options based on the key type and provided options.
+ * Private keys require additional authentication and are protected from updates.
+ */
+const secureStoreOptions = <T extends MultifactorAuthenticationKeyType>(key: T, KSOptions: MultifactorKeyStoreOptions<T>): SecureStoreOptions => {
+    const isPrivateKey = key === VALUES.KEY_ALIASES.PRIVATE_KEY;
+
+    return {
+        failOnUpdate: isPrivateKey,
+        requireAuthentication: isPrivateKey,
+        forceAuthenticationOnSave: isPrivateKey,
+        forceReadAuthenticationOnSimulators: isPrivateKey,
+        authenticationPrompt: KSOptions?.nativePromptTitle,
+    };
+};
+
+/**
+ * Manages storage and retrieval of a specific key type (public or private) in secure storage.
+ * Handles encryption, authentication, and error management for cryptographic keys.
+ */
+class MultifactorAuthenticationKeyStore<T extends MultifactorAuthenticationKeyType> {
+    constructor(private readonly key: T) {}
+
+    /**
+     * Saves a key to secure storage for the given account.
+     */
+    public async set(accountID: number, value: string, KSOptions: MultifactorKeyStoreOptions<T>): Promise<MultifactorAuthenticationPartialStatus<boolean, true>> {
+        try {
+            const alias = `${accountID}_${this.key}`;
+            const type = await SECURE_STORE_METHODS.setItemAsync(alias, value, {...secureStoreOptions(this.key, KSOptions), ...STATIC_OPTIONS});
+            return {
+                value: true,
+                reason: VALUES.REASON.KEYSTORE.KEY_SAVED,
+                type,
+            };
+        } catch (error) {
+            return {
+                value: false,
+                reason: decodeExpoMessage(error, VALUES.REASON.KEYSTORE.UNABLE_TO_SAVE_KEY),
+            };
+        }
+    }
+
+    /**
+     * Deletes a key from secure storage for the given account.
+     */
+    public async delete(accountID: number): Promise<MultifactorAuthenticationPartialStatus<boolean, true>> {
+        try {
+            const alias = `${accountID}_${this.key}`;
+            await SECURE_STORE_METHODS.deleteItemAsync(alias, {
+                keychainService: VALUES.KEYCHAIN_SERVICE,
+            });
+            return {
+                value: true,
+                reason: VALUES.REASON.KEYSTORE.KEY_DELETED,
+            };
+        } catch (error) {
+            return {
+                value: false,
+                reason: decodeExpoMessage(error, VALUES.REASON.KEYSTORE.UNABLE_TO_DELETE_KEY),
+            };
+        }
+    }
+
+    /**
+     * Retrieves a key from secure storage for the given account with optional authentication.
+     */
+    public async get(accountID: number, KSOptions: MultifactorKeyStoreOptions<T>): Promise<MultifactorAuthenticationPartialStatus<string | null, true>> {
+        try {
+            const alias = `${accountID}_${this.key}`;
+            const [key, type] = await SECURE_STORE_METHODS.getItemAsync(alias, {...secureStoreOptions(this.key, KSOptions), ...STATIC_OPTIONS});
+            return {
+                value: key,
+                reason: key ? VALUES.REASON.KEYSTORE.KEY_RETRIEVED : VALUES.REASON.KEYSTORE.KEY_NOT_FOUND,
+                type,
+            };
+        } catch (error) {
+            return {
+                value: null,
+                reason: decodeExpoMessage(error, VALUES.REASON.KEYSTORE.UNABLE_TO_RETRIEVE_KEY),
+            };
+        }
+    }
+
+    /**
+     * Checks what authentication methods are supported on this device.
+     */
+    get supportedAuthentication() {
+        return {biometrics: SECURE_STORE_METHODS.canUseBiometricAuthentication(), credentials: SECURE_STORE_METHODS.canUseDeviceCredentialsAuthentication()};
+    }
+}
+
+/**
+ * Store instance for managing private keys.
+ */
+const MultifactorAuthenticationPrivateKeyStore = new MultifactorAuthenticationKeyStore(VALUES.KEY_ALIASES.PRIVATE_KEY);
+
+/**
+ * Store instance for managing public keys.
+ */
+const MultifactorAuthenticationPublicKeyStore = new MultifactorAuthenticationKeyStore(VALUES.KEY_ALIASES.PUBLIC_KEY);
+
+export {MultifactorAuthenticationPrivateKeyStore as PrivateKeyStore, MultifactorAuthenticationPublicKeyStore as PublicKeyStore};
diff --git a/src/libs/MultifactorAuthentication/Biometrics/Observer.ts b/src/libs/MultifactorAuthentication/Biometrics/Observer.ts
new file mode 100644
index 0000000000000..5a012f474071f
--- /dev/null
+++ b/src/libs/MultifactorAuthentication/Biometrics/Observer.ts
@@ -0,0 +1,25 @@
+/**
+ * Observer pattern implementation for multifactor authentication callbacks.
+ */
+import {MultifactorAuthenticationCallbacks} from './VALUES';
+
+/**
+ * Manages registration and storage of multifactor authentication callback functions.
+ * Used for subscribing to authentication flow events.
+ */
+const MultifactorAuthenticationObserver = {
+    /**
+     * Registers a callback function for a specific event ID.
+     */
+    registerCallback: (id: string, callback: () => unknown) => {
+        MultifactorAuthenticationCallbacks.onFulfill[id] = callback;
+    },
+    unregisterCallback: (id: string) => {
+        delete MultifactorAuthenticationCallbacks.onFulfill[id];
+    },
+    clearAllCallbacks: () => {
+        MultifactorAuthenticationCallbacks.onFulfill = {};
+    },
+};
+
+export default MultifactorAuthenticationObserver;
diff --git a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/MQValues.ts b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/MQValues.ts
new file mode 100644
index 0000000000000..a0b531d958a9f
--- /dev/null
+++ b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/MQValues.ts
@@ -0,0 +1,45 @@
+/**
+ * Values required by Marqeta in requests for the 3DS authentication.
+ * @see https://www.marqeta.com/docs/core-api/3ds/#_the_threedschallengeresultrequest_object
+ */
+
+const AUTHENTICATION_METHOD = {
+    /** Facial recognition authentication */
+    BIOMETRIC_FACE: 'BIOMETRIC_FACE',
+
+    /** Fingerprint authentication */
+    BIOMETRIC_FINGERPRINT: 'BIOMETRIC_FINGERPRINT',
+
+    /** Voice pattern recognition authentication */
+    VOICE_RECOGNITION: 'VOICE_RECOGNITION',
+
+    /** Authentication within the issuer’s mobile application */
+    IN_APP_LOGIN: 'IN_APP_LOGIN',
+
+    /** Voice call with human or automated verification */
+    AUDIO_CALL: 'AUDIO_CALL',
+
+    /** Video call with human verification */
+    VIDEO_CALL: 'VIDEO_CALL',
+
+    /** One-time password sent via SMS text message */
+    OTP_SMS: 'OTP_SMS',
+
+    /** One-time password sent via email */
+    OTP_EMAIL: 'OTP_EMAIL',
+
+    /** Knowledge-based authentication, such as security questions */
+    KNOWLEDGE_BASED: 'KNOWLEDGE_BASED',
+
+    /** Other authentication method not listed above */
+    OTHER: 'OTHER',
+
+    /** None is used in case of an error; the server will reject authorization with this type. */
+    NONE: '',
+} as const;
+
+const MQ_VALUES = {
+    AUTHENTICATION_METHOD,
+} as const;
+
+export default MQ_VALUES;
diff --git a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.ts b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.ts
index ec68f5c132de9..761437dd2cdee 100644
--- a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.ts
+++ b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.ts
@@ -1,4 +1,5 @@
 import * as SecureStore from 'expo-secure-store';
+import MQ_VALUES from './MQValues';
 import type {SecureStoreMethods, SecureStoreValues} from './types';
 
 /**
@@ -12,26 +13,32 @@ const SECURE_STORE_VALUES = {
         UNKNOWN: {
             CODE: SecureStore.AUTH_TYPE.UNKNOWN,
             NAME: 'Unknown',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.KNOWLEDGE_BASED,
         },
         NONE: {
             CODE: SecureStore.AUTH_TYPE.NONE,
             NAME: 'None',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.NONE,
         },
         CREDENTIALS: {
             CODE: SecureStore.AUTH_TYPE.CREDENTIALS,
             NAME: 'Credentials',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.KNOWLEDGE_BASED,
         },
         BIOMETRICS: {
             CODE: SecureStore.AUTH_TYPE.BIOMETRICS,
             NAME: 'Biometrics',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FINGERPRINT,
         },
         FACE_ID: {
             CODE: SecureStore.AUTH_TYPE.FACE_ID,
             NAME: 'FaceID',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FACE,
         },
         TOUCH_ID: {
             CODE: SecureStore.AUTH_TYPE.TOUCH_ID,
             NAME: 'TouchID',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FINGERPRINT,
         },
         /**
          * OpticID is reserved by apple, used on Apple Vision Pro and not iOS.
@@ -40,6 +47,7 @@ const SECURE_STORE_VALUES = {
         OPTIC_ID: {
             CODE: SecureStore.AUTH_TYPE.OPTIC_ID,
             NAME: 'OpticID',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FACE,
         },
     },
     /**
diff --git a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.web.ts b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.web.ts
index 797467f72f8f1..ae6f32913a459 100644
--- a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.web.ts
+++ b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/index.web.ts
@@ -1,3 +1,4 @@
+import MQ_VALUES from './MQValues';
 import type {SecureStoreMethods, SecureStoreValues} from './types';
 
 /**
@@ -9,30 +10,37 @@ const SECURE_STORE_VALUES = {
         UNKNOWN: {
             CODE: -1,
             NAME: 'Unknown',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.OTHER,
         },
         NONE: {
             CODE: 0,
             NAME: 'None',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.OTHER,
         },
         CREDENTIALS: {
             CODE: 1,
             NAME: 'Credentials',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.KNOWLEDGE_BASED,
         },
         BIOMETRICS: {
             CODE: 2,
             NAME: 'Biometrics',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FINGERPRINT,
         },
         FACE_ID: {
             CODE: 3,
             NAME: 'FaceID',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FACE,
         },
         TOUCH_ID: {
             CODE: 4,
             NAME: 'TouchID',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.BIOMETRIC_FINGERPRINT,
         },
         OPTIC_ID: {
             CODE: 5,
             NAME: 'OpticID',
+            MQ_VALUE: MQ_VALUES.AUTHENTICATION_METHOD.OTHER,
         },
     },
     WHEN_PASSCODE_SET_THIS_DEVICE_ONLY: -1,
diff --git a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/types.ts b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/types.ts
index ce41c29f71cfc..355b08394085a 100644
--- a/src/libs/MultifactorAuthentication/Biometrics/SecureStore/types.ts
+++ b/src/libs/MultifactorAuthentication/Biometrics/SecureStore/types.ts
@@ -9,6 +9,7 @@
 type AuthTypeInfo = {
     CODE: number;
     NAME: string;
+    MQ_VALUE: string;
 };
 
 /**
diff --git a/src/libs/MultifactorAuthentication/Biometrics/VALUES.ts b/src/libs/MultifactorAuthentication/Biometrics/VALUES.ts
index 975ea9e9ae948..3638cfbeeb075 100644
--- a/src/libs/MultifactorAuthentication/Biometrics/VALUES.ts
+++ b/src/libs/MultifactorAuthentication/Biometrics/VALUES.ts
@@ -1,13 +1,257 @@
+/**
+ * Constants for multifactor authentication biometrics flow and API responses.
+ */
+import {PROMPT_NAMES, SCENARIO_NAMES} from '@components/MultifactorAuthentication/config/scenarios/names';
+
+/**
+ * Callback registry for multifactor authentication flow events.
+ */
+const MultifactorAuthenticationCallbacks: {
+    onFulfill: Record<string, () => void>;
+} = {
+    onFulfill: {},
+};
+
+const REASON = {
+    /** Backend reason messages for multifactor authentication responses. */
+    BACKEND: {
+        INVALID_CHALLENGE_TYPE: 'Invalid challenge type',
+        CHALLENGE_GENERATED: 'Challenge generated successfully',
+        BIOMETRICS_REGISTERED: 'Biometrics registration successful',
+        AUTHORIZATION_SUCCESSFUL: 'User authorized successfully',
+        REGISTRATION_REQUIRED: 'Registration required',
+        TOO_MANY_ATTEMPTS: 'Too many attempts',
+        MISSING_CHALLENGE_TYPE: 'Missing challengeType',
+        INVALID_SIGNED_CHALLENGE: 'Invalid signed challenge',
+        AUTHENTICATION_REQUIRED: 'Authentication required',
+        UNAUTHORIZED: 'Unauthorized',
+        INVALID_KEY: 'Invalid key',
+        INVALID_VALIDATE_CODE: 'Invalid validate code',
+        SIGNATURE_VERIFICATION_FAILED: 'Signature verification failed',
+        NO_PENDING_REGISTRATION_CHALLENGE: 'No pending registration challenge',
+        UNKNOWN_RESPONSE: 'Unknown response',
+    },
+    CHALLENGE: {
+        COULD_NOT_RETRIEVE_A_CHALLENGE: 'Could not retrieve a challenge',
+        CHALLENGE_MISSING: 'Challenge is missing',
+        CHALLENGE_ALREADY_SIGNED: 'Challenge is already signed',
+        CHALLENGE_RECEIVED: 'Challenge received successfully',
+        CHALLENGE_SIGNED: 'Challenge signed successfully',
+    },
+    EXPO: {
+        CANCELED: 'Authentication canceled by user',
+        IN_PROGRESS: 'Authentication already in progress',
+        NOT_IN_FOREGROUND: 'Application must be in the foreground',
+        KEY_EXISTS: 'This key already exists',
+        NO_METHOD_AVAILABLE: 'No authentication methods available',
+        NOT_SUPPORTED: 'This feature is not supported on the device',
+        GENERIC: 'An error occurred',
+    },
+    GENERIC: {
+        SIGNATURE_INVALID: 'Signature is invalid',
+        SIGNATURE_MISSING: 'Signature is missing',
+        NO_ACTION_MADE_YET: 'No action has been made yet',
+        FACTORS_ERROR: 'Authentication factors error',
+        FACTORS_VERIFIED: 'Authentication factors verified',
+        VALIDATE_CODE_MISSING: 'Validate code is missing',
+    },
+    KEYSTORE: {
+        KEY_DELETED: 'Key successfully deleted from SecureStore',
+        REGISTRATION_REQUIRED: 'Key is stored locally but not found on server',
+        KEY_MISSING: 'Key is missing',
+        KEY_SAVED: 'Key successfully saved in SecureStore',
+        UNABLE_TO_SAVE_KEY: 'Failed to save key in SecureStore',
+        UNABLE_TO_DELETE_KEY: 'Failed to delete key from SecureStore',
+        KEY_RETRIEVED: 'Key successfully retrieved from SecureStore',
+        KEY_NOT_FOUND: 'Key not found in SecureStore',
+        UNABLE_TO_RETRIEVE_KEY: 'Failed to retrieve key from SecureStore',
+    },
+} as const;
+
+// Disables ESLint rule because it throws an error when a key is a number like 401.
+/* eslint-disable @typescript-eslint/naming-convention */
+const MULTIFACTOR_AUTHENTICATION_COMMAND_BASE_RESPONSE_MAP = {
+    401: {
+        INVALID_SIGNED_CHALLENGE: REASON.BACKEND.INVALID_SIGNED_CHALLENGE,
+        REGISTRATION_REQUIRED: REASON.BACKEND.REGISTRATION_REQUIRED,
+        AUTHENTICATION_REQUIRED: REASON.BACKEND.AUTHENTICATION_REQUIRED,
+        UNAUTHORIZED: REASON.BACKEND.UNAUTHORIZED,
+    },
+} as const;
+
+/**
+ * Maps API endpoints to their HTTP status codes and corresponding reason messages.
+ */
+const API_RESPONSE_MAP = {
+    REQUEST_AUTHENTICATION_CHALLENGE: {
+        200: REASON.BACKEND.CHALLENGE_GENERATED,
+        400: {
+            INVALID_CHALLENGE_TYPE: REASON.BACKEND.INVALID_CHALLENGE_TYPE,
+            REGISTRATION_REQUIRED: REASON.BACKEND.REGISTRATION_REQUIRED,
+        },
+        401: {
+            TOO_MANY_ATTEMPTS: REASON.BACKEND.TOO_MANY_ATTEMPTS,
+        },
+        402: {
+            MISSING_CHALLENGE_TYPE: REASON.BACKEND.MISSING_CHALLENGE_TYPE,
+        },
+    },
+    REGISTER_AUTHENTICATION_KEY: {
+        200: REASON.BACKEND.BIOMETRICS_REGISTERED,
+        400: {
+            INVALID_KEY: REASON.BACKEND.INVALID_KEY,
+        },
+        401: {
+            INVALID_VALIDATE_CODE: REASON.BACKEND.INVALID_VALIDATE_CODE,
+            SIGNATURE_VERIFICATION_FAILED: REASON.BACKEND.SIGNATURE_VERIFICATION_FAILED,
+            TOO_MANY_ATTEMPTS: REASON.BACKEND.TOO_MANY_ATTEMPTS,
+            NO_PENDING_REGISTRATION_CHALLENGE: REASON.BACKEND.NO_PENDING_REGISTRATION_CHALLENGE,
+        },
+    },
+    TROUBLESHOOT_MULTIFACTOR_AUTHENTICATION: {
+        ...MULTIFACTOR_AUTHENTICATION_COMMAND_BASE_RESPONSE_MAP,
+        200: REASON.BACKEND.AUTHORIZATION_SUCCESSFUL,
+    },
+} as const;
+/* eslint-enable @typescript-eslint/naming-convention */
+
+/**
+ * Factor origin types for multifactor authentication.
+ */
+const MULTIFACTOR_AUTHENTICATION_FACTOR_ORIGIN = {
+    BIOMETRICS: 'Biometrics',
+    ADDITIONAL: 'Additional',
+} as const;
+
+/**
+ * Available multifactor authentication factors.
+ */
+const MULTIFACTOR_AUTHENTICATION_FACTORS = {
+    SIGNED_CHALLENGE: 'SIGNED_CHALLENGE',
+    VALIDATE_CODE: 'VALIDATE_CODE',
+} as const;
+
+/**
+ * Expo error message search strings and separator.
+ */
+const EXPO_ERRORS = {
+    SEPARATOR: 'Caused by:',
+    SEARCH_STRING: {
+        NOT_IN_FOREGROUND: 'not in the foreground',
+        IN_PROGRESS: 'in progress',
+        CANCELED: 'canceled',
+        EXISTS: 'already exists',
+        NO_AUTHENTICATION: 'No authentication method available',
+        OLD_ANDROID: 'NoSuchMethodError',
+    },
+} as const;
+
+/**
+ * Maps authentication factors and Expo errors to appropriate reason messages.
+ */
+const MULTIFACTOR_AUTHENTICATION_ERROR_MAPPINGS = {
+    /** Maps authentication factors to their missing error translation paths */
+    FACTOR_MISSING_REASONS: {
+        [MULTIFACTOR_AUTHENTICATION_FACTORS.VALIDATE_CODE]: REASON.GENERIC.VALIDATE_CODE_MISSING,
+        [MULTIFACTOR_AUTHENTICATION_FACTORS.SIGNED_CHALLENGE]: REASON.GENERIC.SIGNATURE_MISSING,
+    },
+
+    /** Maps authentication factors to their invalid error translation paths */
+    FACTOR_INVALID_REASONS: {
+        [MULTIFACTOR_AUTHENTICATION_FACTORS.VALIDATE_CODE]: REASON.BACKEND.INVALID_VALIDATE_CODE,
+        [MULTIFACTOR_AUTHENTICATION_FACTORS.SIGNED_CHALLENGE]: REASON.GENERIC.SIGNATURE_INVALID,
+    },
+    EXPO_ERROR_MAPPINGS: {
+        [EXPO_ERRORS.SEARCH_STRING.CANCELED]: REASON.EXPO.CANCELED,
+        [EXPO_ERRORS.SEARCH_STRING.IN_PROGRESS]: REASON.EXPO.IN_PROGRESS,
+        [EXPO_ERRORS.SEARCH_STRING.NOT_IN_FOREGROUND]: REASON.EXPO.NOT_IN_FOREGROUND,
+        [EXPO_ERRORS.SEARCH_STRING.EXISTS]: REASON.EXPO.KEY_EXISTS,
+        [EXPO_ERRORS.SEARCH_STRING.NO_AUTHENTICATION]: REASON.EXPO.NO_METHOD_AVAILABLE,
+        [EXPO_ERRORS.SEARCH_STRING.OLD_ANDROID]: REASON.EXPO.NOT_SUPPORTED,
+    },
+} as const;
+
 /**
  * Centralized constants used by the multifactor authentication biometrics flow.
  * It is stored here instead of the CONST file to avoid circular dependencies.
  */
 const MULTIFACTOR_AUTHENTICATION_VALUES = {
-    /** Referred to as the EdDSA in the Auth */
+    /**
+     * Keychain service name for secure key storage.
+     */
+    KEYCHAIN_SERVICE: 'Expensify',
+
+    /**
+     * EdDSA key type identifier referred to as EdDSA in the Auth system.
+     */
     ED25519_TYPE: 'biometric',
+
+    /**
+     * Key alias identifiers for secure storage.
+     */
     KEY_ALIASES: {
         PUBLIC_KEY: '3DS_SCA_KEY_PUBLIC',
+        PRIVATE_KEY: '3DS_SCA_KEY_PRIVATE',
+    },
+    EXPO_ERRORS,
+
+    /**
+     * Defines the requirements and configuration for each authentication factor.
+     */
+    FACTORS_REQUIREMENTS: {
+        SIGNED_CHALLENGE: {
+            id: MULTIFACTOR_AUTHENTICATION_FACTORS.SIGNED_CHALLENGE,
+            name: 'Signed Challenge',
+            parameter: 'signedChallenge',
+            length: undefined,
+            origin: MULTIFACTOR_AUTHENTICATION_FACTOR_ORIGIN.BIOMETRICS,
+        },
+        VALIDATE_CODE: {
+            id: MULTIFACTOR_AUTHENTICATION_FACTORS.VALIDATE_CODE,
+            name: 'Email One-Time Password',
+            parameter: 'validateCode',
+            length: 6,
+            origin: MULTIFACTOR_AUTHENTICATION_FACTOR_ORIGIN.ADDITIONAL,
+        },
+    },
+
+    /**
+     * Valid authentication factor combinations for different scenarios.
+     */
+    FACTOR_COMBINATIONS: {
+        REGISTRATION: [MULTIFACTOR_AUTHENTICATION_FACTORS.VALIDATE_CODE],
+        BIOMETRICS_AUTHENTICATION: [MULTIFACTOR_AUTHENTICATION_FACTORS.SIGNED_CHALLENGE],
+    },
+
+    /**
+     * Factor origin classifications.
+     */
+    FACTORS_ORIGIN: MULTIFACTOR_AUTHENTICATION_FACTOR_ORIGIN,
+
+    /**
+     * Scenario name mappings.
+     */
+    SCENARIO: SCENARIO_NAMES,
+
+    /**
+     * Prompt name mappings.
+     */
+    PROMPT: PROMPT_NAMES,
+
+    /**
+     * Authentication type identifiers.
+     */
+    TYPE: {
+        BIOMETRICS: 'BIOMETRICS',
+    },
+    CHALLENGE_TYPE: {
+        REGISTRATION: 'registration',
+        AUTHENTICATION: 'authentication',
     },
+    FACTORS: MULTIFACTOR_AUTHENTICATION_FACTORS,
+    API_RESPONSE_MAP,
+    REASON,
 } as const;
 
+export {MultifactorAuthenticationCallbacks, MULTIFACTOR_AUTHENTICATION_ERROR_MAPPINGS};
 export default MULTIFACTOR_AUTHENTICATION_VALUES;
diff --git a/src/libs/MultifactorAuthentication/Biometrics/helpers.ts b/src/libs/MultifactorAuthentication/Biometrics/helpers.ts
new file mode 100644
index 0000000000000..93b30a9953865
--- /dev/null
+++ b/src/libs/MultifactorAuthentication/Biometrics/helpers.ts
@@ -0,0 +1,234 @@
+/**
+ * Helper utilities for multifactor authentication biometrics operations.
+ */
+import type {Entries, ValueOf} from 'type-fest';
+import {MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG} from '@components/MultifactorAuthentication/config';
+import type {
+    MultifactorAuthenticationProcessScenarioParameters,
+    MultifactorAuthenticationScenario,
+    MultifactorAuthenticationScenarioConfig,
+    MultifactorAuthenticationScenarioParams,
+    MultifactorAuthenticationScenarioResponseWithSuccess,
+} from '@components/MultifactorAuthentication/config/types';
+import type {MultifactorAuthenticationChallengeObject, SignedChallenge} from './ED25519/types';
+import type {
+    AllMultifactorAuthenticationFactors,
+    MultifactorAuthenticationFactor,
+    MultifactorAuthenticationPartialStatus,
+    MultifactorAuthenticationReason,
+    MultifactorAuthenticationResponseMap,
+} from './types';
+import VALUES, {MULTIFACTOR_AUTHENTICATION_ERROR_MAPPINGS} from './VALUES';
+
+type ParseHTTPSource = ValueOf<MultifactorAuthenticationResponseMap>;
+
+const httpCodeIsDefined = (source: ParseHTTPSource, httpCode: number): httpCode is keyof ParseHTTPSource => Object.keys(source).some((key) => Number(key) === httpCode);
+
+const findMessageInSource = (source: ParseHTTPSource[keyof ParseHTTPSource], message: string | undefined): MultifactorAuthenticationReason => {
+    if (!message) {
+        return VALUES.REASON.BACKEND.UNKNOWN_RESPONSE;
+    }
+
+    const sourceEntries = Object.entries(source) as Entries<typeof source>;
+    const [, value] = sourceEntries.find(([, predefinedMessage]) => predefinedMessage === message) ?? [];
+    return value ?? VALUES.REASON.BACKEND.UNKNOWN_RESPONSE;
+};
+
+/**
+ * Parses an HTTP response code along with a message and returns the corresponding HTTP code and reason.
+ */
+function parseHttpRequest(
+    jsonCode: string | number | undefined,
+    source: ParseHTTPSource,
+    message: string | undefined,
+): {
+    httpCode: number;
+    reason: MultifactorAuthenticationReason;
+} {
+    const httpCode = Number(jsonCode ?? 0);
+
+    if (!httpCodeIsDefined(source, httpCode)) {
+        return {
+            httpCode,
+            reason: VALUES.REASON.BACKEND.UNKNOWN_RESPONSE,
+        };
+    }
+
+    if (httpCode === 200) {
+        return {
+            httpCode,
+            reason: source[200],
+        };
+    }
+
+    const codes = source[httpCode];
+
+    return {
+        httpCode,
+        reason: findMessageInSource(codes, message),
+    };
+}
+
+/**
+ * Returns the appropriate error reason when a required authentication factor is missing.
+ */
+function factorMissingReason(factor: MultifactorAuthenticationFactor): MultifactorAuthenticationReason {
+    return MULTIFACTOR_AUTHENTICATION_ERROR_MAPPINGS.FACTOR_MISSING_REASONS[factor] ?? VALUES.REASON.GENERIC.FACTORS_ERROR;
+}
+
+/**
+ * Returns the appropriate error reason when an authentication factor is invalid.
+ */
+function factorInvalidReason(factor: MultifactorAuthenticationFactor): MultifactorAuthenticationReason {
+    return MULTIFACTOR_AUTHENTICATION_ERROR_MAPPINGS.FACTOR_INVALID_REASONS[factor] ?? VALUES.REASON.GENERIC.FACTORS_ERROR;
+}
+
+/**
+ * Creates an unsuccessful step result with the required factor for the next step.
+ */
+function createUnsuccessfulStep(requiredFactor: MultifactorAuthenticationFactor) {
+    return {
+        requiredFactorForNextStep: requiredFactor,
+        wasRecentStepSuccessful: false,
+        isRequestFulfilled: false,
+    };
+}
+
+/**
+ * Validates that all required authentication factors are present and valid.
+ * Checks factor existence and validates factor length if applicable.
+ */
+function areMultifactorAuthenticationFactorsSufficient(
+    factors: Partial<AllMultifactorAuthenticationFactors>,
+    factorsCombination: ValueOf<typeof VALUES.FACTOR_COMBINATIONS>,
+): MultifactorAuthenticationPartialStatus<true | string> {
+    const requiredFactors = factorsCombination.map((id) => VALUES.FACTORS_REQUIREMENTS[id]);
+
+    for (const {id, parameter, name, length} of requiredFactors) {
+        const value = factors[parameter];
+
+        // Check if factor is missing
+        if (value === undefined) {
+            return {
+                value: `Missing required factor: ${name} (${parameter})`,
+                step: createUnsuccessfulStep(id),
+                reason: factorMissingReason(id),
+            };
+        }
+
+        // Check if factor length is valid (if length requirement exists)
+        if (typeof length === 'number' && (typeof value === 'string' || typeof value === 'number')) {
+            const valueLength = String(value).length;
+            if (valueLength !== length) {
+                return {
+                    value: `Invalid length for factor: ${name} (${parameter}). Expected length ${length}, got length ${valueLength}`,
+                    step: createUnsuccessfulStep(id),
+                    reason: factorInvalidReason(id),
+                };
+            }
+        }
+    }
+
+    return {
+        value: true,
+        step: {
+            requiredFactorForNextStep: undefined,
+            wasRecentStepSuccessful: undefined,
+            isRequestFulfilled: false,
+        },
+        reason: VALUES.REASON.GENERIC.FACTORS_VERIFIED,
+    };
+}
+
+/**
+ * Processes the authorization response and determines the next step in the authentication flow.
+ */
+const transformMultifactorAuthenticationActionResponse = <T extends MultifactorAuthenticationScenario>(
+    status: MultifactorAuthenticationPartialStatus<MultifactorAuthenticationScenarioResponseWithSuccess, true>,
+    params: MultifactorAuthenticationScenarioParams<T>,
+    failedFactor?: MultifactorAuthenticationFactor,
+) => {
+    const {successful} = status.value;
+    const {validateCode} = params;
+
+    return {
+        ...status,
+        value: validateCode && successful ? validateCode : undefined,
+        step: {
+            requiredFactorForNextStep: failedFactor,
+            wasRecentStepSuccessful: successful,
+            isRequestFulfilled: !failedFactor,
+        },
+        reason: status.reason,
+    };
+};
+
+/**
+ * Processes a multifactor authentication scenario by validating factors and calling the scenario action.
+ */
+async function processMultifactorAuthenticationScenario<T extends MultifactorAuthenticationScenario>(
+    scenario: T,
+    params: MultifactorAuthenticationProcessScenarioParameters<T>,
+    factorsCombination: ValueOf<typeof VALUES.FACTOR_COMBINATIONS>,
+): Promise<MultifactorAuthenticationPartialStatus<number | undefined>> {
+    const factorsCheckResult = areMultifactorAuthenticationFactorsSufficient(params, factorsCombination);
+
+    const currentScenario = MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG[scenario] as MultifactorAuthenticationScenarioConfig;
+
+    if (factorsCheckResult.value !== true) {
+        return transformMultifactorAuthenticationActionResponse(
+            {
+                ...factorsCheckResult,
+                value: {httpCode: undefined, successful: false},
+            },
+            params,
+            factorsCheckResult.step.requiredFactorForNextStep,
+        );
+    }
+
+    // We can safely make this assertion because the factors check method guarantees that the necessary conditions are met
+    const {httpCode, reason} = await currentScenario.action(params);
+    const successful = String(httpCode).startsWith('2');
+
+    return transformMultifactorAuthenticationActionResponse(
+        {
+            value: {successful, httpCode},
+            reason,
+        },
+        params,
+    );
+}
+
+/**
+ * Decodes Expo error messages and maps them to authentication error reasons.
+ */
+function decodeExpoMessage(error: unknown): MultifactorAuthenticationReason {
+    const errorString = String(error);
+    const parts = errorString.split(VALUES.EXPO_ERRORS.SEPARATOR);
+    const searchString = parts.length > 1 ? parts.slice(1).join(';').trim() : errorString;
+
+    for (const [searchKey, errorValue] of Object.entries(MULTIFACTOR_AUTHENTICATION_ERROR_MAPPINGS.EXPO_ERROR_MAPPINGS)) {
+        if (searchString.includes(searchKey)) {
+            return errorValue;
+        }
+    }
+
+    return VALUES.REASON.EXPO.GENERIC;
+}
+
+/**
+ * Decodes an Expo error message with optional fallback for generic errors.
+ */
+const decodeMultifactorAuthenticationExpoMessage = (message: unknown, fallback?: MultifactorAuthenticationReason): MultifactorAuthenticationReason => {
+    const decodedMessage = decodeExpoMessage(message);
+    return decodedMessage === VALUES.REASON.EXPO.GENERIC && fallback ? fallback : decodedMessage;
+};
+
+/**
+ * Type guard to check if a challenge has been signed by verifying the presence of rawId property.
+ */
+function isChallengeSigned(challenge: MultifactorAuthenticationChallengeObject | SignedChallenge): challenge is SignedChallenge {
+    return 'rawId' in challenge;
+}
+
+export {processMultifactorAuthenticationScenario as processScenario, decodeMultifactorAuthenticationExpoMessage as decodeExpoMessage, isChallengeSigned, parseHttpRequest};
diff --git a/src/libs/MultifactorAuthentication/Biometrics/types.ts b/src/libs/MultifactorAuthentication/Biometrics/types.ts
new file mode 100644
index 0000000000000..bea4b1298f727
--- /dev/null
+++ b/src/libs/MultifactorAuthentication/Biometrics/types.ts
@@ -0,0 +1,162 @@
+/**
+ * Type definitions for multifactor authentication biometrics operations.
+ */
+import type {EmptyObject, Simplify, ValueOf} from 'type-fest';
+import type {SignedChallenge} from './ED25519/types';
+import type {SECURE_STORE_VALUES} from './SecureStore';
+import type VALUES from './VALUES';
+
+/**
+ * Basic authentication requirement types for signed challenge and validation code.
+ */
+type BasicMultifactorAuthenticationRequirementTypes = {
+    [VALUES.FACTORS.SIGNED_CHALLENGE]: SignedChallenge;
+    [VALUES.FACTORS.VALIDATE_CODE]: number;
+};
+
+/**
+ * Represents the reason for a multifactor authentication response from the backend.
+ */
+type MultifactorAuthenticationReason = ValueOf<{
+    [K in keyof typeof VALUES.REASON]: ValueOf<(typeof VALUES.REASON)[K]>;
+}>;
+
+type MultifactorAuthenticationMethodCode = ValueOf<typeof SECURE_STORE_VALUES.AUTH_TYPE>['CODE'];
+
+/**
+ * Conditional type for including or omitting the step field in partial status.
+ */
+type MultifactorAuthenticationPartialStatusConditional<OmitStep> = OmitStep extends false
+    ? {
+          step: MultifactorAuthenticationStep;
+      }
+    : EmptyObject;
+
+/**
+ * Represents a partial status result of multifactor authentication operations.
+ * Contains the operation result value, reason message, and optionally the authentication step state.
+ */
+type MultifactorAuthenticationPartialStatus<T, OmitStep = false> = MultifactorAuthenticationPartialStatusConditional<OmitStep> & {
+    value: T;
+
+    reason: MultifactorAuthenticationReason;
+
+    type?: MultifactorAuthenticationMethodCode;
+};
+
+/**
+ * Factors requirements configuration.
+ */
+type MultifactorAuthenticationFactorsRequirements = ValueOf<typeof VALUES.FACTORS_REQUIREMENTS>;
+
+/**
+ * Individual authentication factor types.
+ */
+type MultifactorAuthenticationFactor = ValueOf<typeof VALUES.FACTORS>;
+
+/**
+ * Main authentication factors excluding additional factors.
+ */
+type MultifactorAuthenticationFactors = {
+    [K in MultifactorAuthenticationFactorsRequirements as K extends {
+        origin: typeof VALUES.FACTORS_ORIGIN.ADDITIONAL;
+    }
+        ? never
+        : K['parameter']]: BasicMultifactorAuthenticationRequirementTypes[K['id']];
+};
+
+/**
+ * Maps scenarios to their additional factors
+ */
+type MultifactorAuthorizationAdditionalFactors = {
+    [K in MultifactorAuthenticationFactorsRequirements as K extends {
+        origin: typeof VALUES.FACTORS_ORIGIN.ADDITIONAL;
+    }
+        ? K['parameter']
+        : never]?: BasicMultifactorAuthenticationRequirementTypes[K['id']];
+};
+
+/**
+ * Combined type representing all possible authentication factors (required and additional).
+ */
+type AllMultifactorAuthenticationFactors = Simplify<MultifactorAuthenticationFactors & MultifactorAuthorizationAdditionalFactors>;
+
+/**
+ * Represents the state of a step in the multifactor authentication flow.
+ */
+type MultifactorAuthenticationStep = {
+    wasRecentStepSuccessful: boolean | undefined;
+
+    requiredFactorForNextStep: MultifactorAuthenticationFactor | undefined;
+
+    isRequestFulfilled: boolean;
+};
+
+/**
+ * Maps API endpoints to their HTTP status codes and reason messages.
+ */
+type MultifactorAuthenticationResponseMap = typeof VALUES.API_RESPONSE_MAP;
+
+/**
+ * Identifier for different types of cryptographic keys.
+ */
+type MultifactorAuthenticationKeyType = ValueOf<typeof VALUES.KEY_ALIASES>;
+
+/**
+ * Parameters for a multifactor authentication action with required authentication factor.
+ */
+type MultifactorAuthenticationActionParams<T extends Record<string, unknown>, R extends keyof AllMultifactorAuthenticationFactors> = T & Pick<AllMultifactorAuthenticationFactors, R>;
+
+/**
+ * Supported key types for multifactor authentication.
+ */
+type KeyInfoType = 'biometric' | 'public-key';
+
+type ResponseDetails<T extends KeyInfoType> = T extends 'biometric'
+    ? {
+          biometric: {
+              publicKey: Base64URLString;
+              /** ED25519 algorithm identifier per COSE spec: -8 */
+              algorithm: -8;
+          };
+      }
+    : {
+          clientDataJSON: Base64URLString;
+          attestationObject: Base64URLString;
+      };
+
+/**
+ * Information about a cryptographic key including its raw ID, type, and response details.
+ */
+type MultifactorAuthenticationKeyInfo<T extends KeyInfoType> = {
+    rawId: Base64URLString;
+    type: T;
+    response: ResponseDetails<T>;
+};
+
+/**
+ * Configuration options for multifactor key store operations.
+ */
+type MultifactorKeyStoreOptions<T extends MultifactorAuthenticationKeyType> = T extends typeof VALUES.KEY_ALIASES.PRIVATE_KEY
+    ? {
+          nativePromptTitle: string;
+      }
+    : void;
+
+type ChallengeType = ValueOf<typeof VALUES.CHALLENGE_TYPE>;
+
+export type {
+    MultifactorAuthenticationFactor,
+    MultifactorAuthenticationStep,
+    MultifactorAuthenticationResponseMap,
+    MultifactorAuthenticationKeyType,
+    AllMultifactorAuthenticationFactors,
+    MultifactorAuthenticationPartialStatus,
+    MultifactorAuthenticationActionParams,
+    MultifactorKeyStoreOptions,
+    MultifactorAuthenticationReason,
+    MultifactorAuthenticationKeyInfo,
+    MultifactorAuthenticationMethodCode,
+    ResponseDetails,
+    ChallengeType,
+};
diff --git a/src/libs/Navigation/AppNavigator/ModalStackNavigators/index.tsx b/src/libs/Navigation/AppNavigator/ModalStackNavigators/index.tsx
index f8a60900b6aff..1ff8df539787d 100644
--- a/src/libs/Navigation/AppNavigator/ModalStackNavigators/index.tsx
+++ b/src/libs/Navigation/AppNavigator/ModalStackNavigators/index.tsx
@@ -1009,7 +1009,7 @@ const WorkspacesDomainModalStackNavigator = createModalStackNavigator<Workspaces
 const MultifactorAuthenticationStackNavigator = createModalStackNavigator<MultifactorAuthenticationParamList>({
     [SCREENS.MULTIFACTOR_AUTHENTICATION.MAGIC_CODE]: () => require<ReactComponentModule>('../../../../pages/MultifactorAuthentication/ValidateCodePage').default,
     [SCREENS.MULTIFACTOR_AUTHENTICATION.BIOMETRICS_TEST]: () => require<ReactComponentModule>('../../../../pages/MultifactorAuthentication/BiometricsTestPage').default,
-    [SCREENS.MULTIFACTOR_AUTHENTICATION.NOTIFICATION]: () => require<ReactComponentModule>('../../../../pages/MultifactorAuthentication/NotificationPage').default,
+    [SCREENS.MULTIFACTOR_AUTHENTICATION.OUTCOME]: () => require<ReactComponentModule>('@pages/MultifactorAuthentication/OutcomePage').default,
     [SCREENS.MULTIFACTOR_AUTHENTICATION.PROMPT]: () => require<ReactComponentModule>('../../../../pages/MultifactorAuthentication/PromptPage').default,
     [SCREENS.MULTIFACTOR_AUTHENTICATION.NOT_FOUND]: () => require<ReactComponentModule>('../../../../pages/ErrorPage/NotFoundPage').default,
 });
diff --git a/src/libs/Navigation/linkingConfig/config.ts b/src/libs/Navigation/linkingConfig/config.ts
index 817d5cb16fb34..db41b83f65220 100644
--- a/src/libs/Navigation/linkingConfig/config.ts
+++ b/src/libs/Navigation/linkingConfig/config.ts
@@ -1936,7 +1936,7 @@ const config: LinkingOptions<RootNavigatorParamList>['config'] = {
                     screens: {
                         [SCREENS.MULTIFACTOR_AUTHENTICATION.MAGIC_CODE]: ROUTES.MULTIFACTOR_AUTHENTICATION_MAGIC_CODE,
                         [SCREENS.MULTIFACTOR_AUTHENTICATION.BIOMETRICS_TEST]: ROUTES.MULTIFACTOR_AUTHENTICATION_BIOMETRICS_TEST,
-                        [SCREENS.MULTIFACTOR_AUTHENTICATION.NOTIFICATION]: ROUTES.MULTIFACTOR_AUTHENTICATION_NOTIFICATION.route,
+                        [SCREENS.MULTIFACTOR_AUTHENTICATION.OUTCOME]: ROUTES.MULTIFACTOR_AUTHENTICATION_OUTCOME.route,
                         [SCREENS.MULTIFACTOR_AUTHENTICATION.PROMPT]: ROUTES.MULTIFACTOR_AUTHENTICATION_PROMPT.route,
                         [SCREENS.MULTIFACTOR_AUTHENTICATION.NOT_FOUND]: ROUTES.MULTIFACTOR_AUTHENTICATION_NOT_FOUND,
                     },
diff --git a/src/libs/Navigation/types.ts b/src/libs/Navigation/types.ts
index 73c5c1c8cd8b8..066a667fc02b8 100644
--- a/src/libs/Navigation/types.ts
+++ b/src/libs/Navigation/types.ts
@@ -2994,8 +2994,8 @@ type TestToolsModalModalNavigatorParamList = {
 type MultifactorAuthenticationParamList = {
     [SCREENS.MULTIFACTOR_AUTHENTICATION.MAGIC_CODE]: undefined;
     [SCREENS.MULTIFACTOR_AUTHENTICATION.BIOMETRICS_TEST]: undefined;
-    [SCREENS.MULTIFACTOR_AUTHENTICATION.NOTIFICATION]: {
-        notificationType: ValueOf<typeof CONST.MULTIFACTOR_AUTHENTICATION_NOTIFICATION_TYPE>;
+    [SCREENS.MULTIFACTOR_AUTHENTICATION.OUTCOME]: {
+        outcomeType: ValueOf<typeof CONST.MULTIFACTOR_AUTHENTICATION_OUTCOME_TYPE>;
     };
     [SCREENS.MULTIFACTOR_AUTHENTICATION.PROMPT]: {
         promptType: string;
diff --git a/src/libs/StringUtils/index.ts b/src/libs/StringUtils/index.ts
index 440b905e41483..2b6502a9cc8d6 100644
--- a/src/libs/StringUtils/index.ts
+++ b/src/libs/StringUtils/index.ts
@@ -1,4 +1,5 @@
 import deburr from 'lodash/deburr';
+import type {KebabCase} from 'type-fest';
 import {isSafari} from '@libs/Browser';
 import CONST from '@src/CONST';
 import decodeUnicode from './decodeUnicode';
@@ -186,6 +187,22 @@ function camelToHyphenCase(str: string) {
     return str.replaceAll(/[A-Z]/g, (letter) => `-${letter.toLowerCase()}`);
 }
 
+/**
+ * Converts a string to lowercase.
+ * In addition to the standard toLowerCase behavior, this function ensures
+ * that if a const string is provided, it is not converted to a primitive type.
+ */
+function toLowerCase<T extends string>(str: T) {
+    return str.toLowerCase() as Lowercase<T>;
+}
+
+/**
+ * Converts camelCase string to kebab-case format.
+ */
+function camelToKebabCase<T extends string>(str: T) {
+    return str.replaceAll(/([a-z])([A-Z])/g, '$1-$2').toLowerCase() as KebabCase<T>;
+}
+
 export default {
     sanitizeString,
     isEmptyString,
@@ -205,4 +222,6 @@ export default {
     countWhiteSpaces,
     startsWithVowel,
     camelToHyphenCase,
+    camelToKebabCase,
+    toLowerCase,
 };
diff --git a/src/libs/actions/MultifactorAuthentication.ts b/src/libs/actions/MultifactorAuthentication.ts
new file mode 100644
index 0000000000000..9be2595b33076
--- /dev/null
+++ b/src/libs/actions/MultifactorAuthentication.ts
@@ -0,0 +1,73 @@
+/* eslint-disable rulesdir/no-api-side-effects-method */
+// These functions use makeRequestWithSideEffects because challenge data must be returned immediately
+// for security and timing requirements (see detailed explanation below)
+import type {MultifactorAuthenticationScenarioParameters} from '@components/MultifactorAuthentication/config/types';
+import {makeRequestWithSideEffects} from '@libs/API';
+import {SIDE_EFFECT_REQUEST_COMMANDS} from '@libs/API/types';
+import Log from '@libs/Log';
+import {parseHttpRequest} from '@libs/MultifactorAuthentication/Biometrics/helpers';
+import type {ChallengeType} from '@libs/MultifactorAuthentication/Biometrics/types';
+import CONST from '@src/CONST';
+
+/**
+ * To keep the code clean and readable, these functions return parsed data in order to:
+ *
+ * - Check whether multifactorial authentication scenario was successful as we need to know it as fast as possible
+ *   to make the usage of authentication seamless and to tell if we should abort the process
+ *   if an error occurred.
+ *
+ * - To avoid storing challenge in the persistent memory for security reasons.
+ *
+ * - As there is a certain short time frame in which the challenge needs to be signed,
+ *   we should not delay the possibility to do so for the user.
+ *
+ * This is not a standard practice in the code base.
+ * Please consult before using this pattern.
+ */
+
+async function registerAuthenticationKey({keyInfo, validateCode}: MultifactorAuthenticationScenarioParameters['REGISTER-BIOMETRICS']) {
+    try {
+        const response = await makeRequestWithSideEffects(SIDE_EFFECT_REQUEST_COMMANDS.REGISTER_AUTHENTICATION_KEY, {keyInfo, validateCode}, {});
+
+        const {jsonCode, message} = response ?? {};
+        return parseHttpRequest(jsonCode, CONST.MULTIFACTOR_AUTHENTICATION.API_RESPONSE_MAP.REGISTER_AUTHENTICATION_KEY, message);
+    } catch (error) {
+        Log.hmmm('[MultifactorAuthentication] Failed to register an authentication key', {error});
+        return parseHttpRequest(undefined, CONST.MULTIFACTOR_AUTHENTICATION.API_RESPONSE_MAP.REGISTER_AUTHENTICATION_KEY, undefined);
+    }
+}
+
+async function requestAuthenticationChallenge(challengeType: ChallengeType = 'authentication') {
+    try {
+        const response = await makeRequestWithSideEffects(SIDE_EFFECT_REQUEST_COMMANDS.REQUEST_AUTHENTICATION_CHALLENGE, {challengeType}, {});
+        const {jsonCode, challenge, publicKeys, message} = response ?? {};
+
+        return {
+            ...parseHttpRequest(jsonCode, CONST.MULTIFACTOR_AUTHENTICATION.API_RESPONSE_MAP.REQUEST_AUTHENTICATION_CHALLENGE, message),
+            challenge,
+            publicKeys,
+        };
+    } catch (error) {
+        Log.hmmm('[MultifactorAuthentication] Failed to request an authentication challenge', {error});
+        return {
+            ...parseHttpRequest(undefined, CONST.MULTIFACTOR_AUTHENTICATION.API_RESPONSE_MAP.REQUEST_AUTHENTICATION_CHALLENGE, undefined),
+            challenge: undefined,
+            publicKeys: undefined,
+        };
+    }
+}
+
+async function troubleshootMultifactorAuthentication({signedChallenge}: MultifactorAuthenticationScenarioParameters['BIOMETRICS-TEST']) {
+    try {
+        const response = await makeRequestWithSideEffects(SIDE_EFFECT_REQUEST_COMMANDS.TROUBLESHOOT_MULTIFACTOR_AUTHENTICATION, {signedChallenge}, {});
+
+        const {jsonCode, message} = response ?? {};
+
+        return parseHttpRequest(jsonCode, CONST.MULTIFACTOR_AUTHENTICATION.API_RESPONSE_MAP.TROUBLESHOOT_MULTIFACTOR_AUTHENTICATION, message);
+    } catch (error) {
+        Log.hmmm('[MultifactorAuthentication] Failed to troubleshoot multifactor authentication', {error});
+        return parseHttpRequest(undefined, CONST.MULTIFACTOR_AUTHENTICATION.API_RESPONSE_MAP.TROUBLESHOOT_MULTIFACTOR_AUTHENTICATION, undefined);
+    }
+}
+
+export {registerAuthenticationKey, requestAuthenticationChallenge, troubleshootMultifactorAuthentication};
diff --git a/src/pages/MultifactorAuthentication/NotificationPage.tsx b/src/pages/MultifactorAuthentication/OutcomePage.tsx
similarity index 77%
rename from src/pages/MultifactorAuthentication/NotificationPage.tsx
rename to src/pages/MultifactorAuthentication/OutcomePage.tsx
index e961ee56c3c83..0d505af02dea4 100644
--- a/src/pages/MultifactorAuthentication/NotificationPage.tsx
+++ b/src/pages/MultifactorAuthentication/OutcomePage.tsx
@@ -30,22 +30,22 @@ const mockedConfigFailure = {
     description: 'multifactorAuthentication.biometricsTest.yourAttemptWasUnsuccessful',
 } as const satisfies Record<string, TranslationPaths>;
 
-type MultifactorAuthenticationNotificationPageProps = PlatformStackScreenProps<MultifactorAuthenticationParamList, typeof SCREENS.MULTIFACTOR_AUTHENTICATION.NOTIFICATION>;
+type MultifactorAuthenticationOutcomePageProps = PlatformStackScreenProps<MultifactorAuthenticationParamList, typeof SCREENS.MULTIFACTOR_AUTHENTICATION.OUTCOME>;
 
-function MultifactorAuthenticationNotificationPage({route}: MultifactorAuthenticationNotificationPageProps) {
+function MultifactorAuthenticationOutcomePage({route}: MultifactorAuthenticationOutcomePageProps) {
     const {translate} = useLocalize();
     const styles = useThemeStyles();
     const onGoBackPress = () => {
         Navigation.dismissModal();
     };
 
-    const isSuccessNotification = route.params.notificationType === CONST.MULTIFACTOR_AUTHENTICATION_NOTIFICATION_TYPE.SUCCESS;
+    const isSuccessOutcome = route.params.outcomeType === CONST.MULTIFACTOR_AUTHENTICATION_OUTCOME_TYPE.SUCCESS;
 
     let headerTitle = translate(mockedConfigFailure.headerTitle);
     let title = translate(mockedConfigFailure.title);
     let description = translate(mockedConfigFailure.description);
 
-    if (isSuccessNotification) {
+    if (isSuccessOutcome) {
         headerTitle = translate(mockedConfigSuccess.headerTitle);
         title = translate(mockedConfigSuccess.title);
         // TODO: Replace hardcoded 'FaceID' with the actual authentication type (e.g., 'FaceID', 'TouchID', 'Fingerprint')
@@ -53,10 +53,10 @@ function MultifactorAuthenticationNotificationPage({route}: MultifactorAuthentic
         description = translate(mockedConfigSuccess.description, {authType: 'FaceID'});
     }
 
-    const {asset: icon} = useMemoizedLazyAsset(() => loadIllustration(isSuccessNotification ? 'OpenPadlock' : 'HumptyDumpty'));
+    const {asset: icon} = useMemoizedLazyAsset(() => loadIllustration(isSuccessOutcome ? 'OpenPadlock' : 'HumptyDumpty'));
 
     return (
-        <ScreenWrapper testID={MultifactorAuthenticationNotificationPage.displayName}>
+        <ScreenWrapper testID={MultifactorAuthenticationOutcomePage.displayName}>
             <HeaderWithBackButton
                 title={headerTitle}
                 onBackButtonPress={onGoBackPress}
@@ -66,14 +66,14 @@ function MultifactorAuthenticationNotificationPage({route}: MultifactorAuthentic
                 <BlockingView
                     icon={icon}
                     contentFitImage="fill"
-                    iconWidth={isSuccessNotification ? variables.openPadlockWidth : variables.humptyDumptyWidth}
-                    iconHeight={isSuccessNotification ? variables.openPadlockHeight : variables.humptyDumptyHeight}
+                    iconWidth={isSuccessOutcome ? variables.openPadlockWidth : variables.humptyDumptyWidth}
+                    iconHeight={isSuccessOutcome ? variables.openPadlockHeight : variables.humptyDumptyHeight}
                     title={title}
                     titleStyles={styles.mb2}
                     subtitle={description}
                     subtitleStyle={styles.textSupporting}
                     containerStyle={styles.ph5}
-                    testID={MultifactorAuthenticationNotificationPage.displayName}
+                    testID={MultifactorAuthenticationOutcomePage.displayName}
                 />
             </View>
             <View style={[styles.flexRow, styles.m5, styles.mt0]}>
@@ -88,6 +88,6 @@ function MultifactorAuthenticationNotificationPage({route}: MultifactorAuthentic
     );
 }
 
-MultifactorAuthenticationNotificationPage.displayName = 'MultifactorAuthenticationNotificationPage';
+MultifactorAuthenticationOutcomePage.displayName = 'MultifactorAuthenticationOutcomePage';
 
-export default MultifactorAuthenticationNotificationPage;
+export default MultifactorAuthenticationOutcomePage;
diff --git a/src/pages/MultifactorAuthentication/PromptPage.tsx b/src/pages/MultifactorAuthentication/PromptPage.tsx
index df649a215be63..90138b580e764 100644
--- a/src/pages/MultifactorAuthentication/PromptPage.tsx
+++ b/src/pages/MultifactorAuthentication/PromptPage.tsx
@@ -27,7 +27,7 @@ function MultifactorAuthenticationPromptPage() {
 
     const onConfirm = () => {
         // Temporary navigation, expected behavior: let the MultifactorAuthentication know that the soft prompt was accepted
-        Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_NOTIFICATION.getRoute(CONST.MULTIFACTOR_AUTHENTICATION_NOTIFICATION_TYPE.SUCCESS));
+        Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_OUTCOME.getRoute(CONST.MULTIFACTOR_AUTHENTICATION_OUTCOME_TYPE.SUCCESS));
     };
 
     const showConfirmModal = () => {
@@ -45,11 +45,25 @@ function MultifactorAuthenticationPromptPage() {
 
         hideConfirmModal();
         // Temporary navigation, expected behavior: trigger the failure from the MultifactorAuthenticationContext
-        Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_NOTIFICATION.getRoute(CONST.MULTIFACTOR_AUTHENTICATION_NOTIFICATION_TYPE.FAILURE));
+        Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_OUTCOME.getRoute(CONST.MULTIFACTOR_AUTHENTICATION_OUTCOME_TYPE.FAILURE));
+    };
+
+    const focusTrapConfirmModal = () => {
+        setConfirmModalVisibility(true);
+        return false;
     };
 
     return (
-        <ScreenWrapper testID={MultifactorAuthenticationPromptPage.displayName}>
+        <ScreenWrapper
+            testID={MultifactorAuthenticationPromptPage.displayName}
+            focusTrapSettings={{
+                focusTrapOptions: {
+                    allowOutsideClick: focusTrapConfirmModal,
+                    clickOutsideDeactivates: focusTrapConfirmModal,
+                    escapeDeactivates: focusTrapConfirmModal,
+                },
+            }}
+        >
             <HeaderWithBackButton
                 title={translate('multifactorAuthentication.letsVerifyItsYou')}
                 onBackButtonPress={showConfirmModal}
diff --git a/src/pages/MultifactorAuthentication/ValidateCodePage.tsx b/src/pages/MultifactorAuthentication/ValidateCodePage.tsx
index ddf857df5c39f..5fd2ca5bfa8e2 100644
--- a/src/pages/MultifactorAuthentication/ValidateCodePage.tsx
+++ b/src/pages/MultifactorAuthentication/ValidateCodePage.tsx
@@ -148,9 +148,7 @@ function MultifactorAuthenticationValidateCodePage() {
         setFormError({});
 
         // Temporary navigation, expected behavior: trigger submit from the MultifactorAuthenticationContext
-        // 'enable-biometrics' is a type of the MultifactorAuthentication prompt
-        // will be added as a part of scenario config in another PR to make it complacent with CONSISTENCY-2 (docs)
-        Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_PROMPT.getRoute('enable-biometrics'));
+        Navigation.navigate(ROUTES.MULTIFACTOR_AUTHENTICATION_PROMPT.getRoute(CONST.MULTIFACTOR_AUTHENTICATION.PROMPT.ENABLE_BIOMETRICS));
     };
 
     const onGoBackPress = () => {
diff --git a/src/types/onyx/Response.ts b/src/types/onyx/Response.ts
index ab93314762b2d..1f74eb49d18dd 100644
--- a/src/types/onyx/Response.ts
+++ b/src/types/onyx/Response.ts
@@ -1,4 +1,5 @@
 import type {OnyxKey, OnyxUpdate} from 'react-native-onyx';
+import type {MultifactorAuthenticationChallengeObject} from '@libs/MultifactorAuthentication/Biometrics/ED25519/types';
 
 /** Model of commands data */
 type Data = {
@@ -41,6 +42,12 @@ type Response = {
     /** Used to load resources like attachment videos and images */
     encryptedAuthToken?: string;
 
+    /** Registered multifactor public keys */
+    publicKeys?: string[];
+
+    /** Multifactor authentication challenge object */
+    challenge?: MultifactorAuthenticationChallengeObject;
+
     /** User session auth token when connecting as a delegate */
     restrictedToken?: string;
 
diff --git a/tests/unit/MultifactorAuthentication/ED25519.test.ts b/tests/unit/MultifactorAuthentication/ED25519.test.ts
index 3b55d7eb2ce31..11f4d11c0c045 100644
--- a/tests/unit/MultifactorAuthentication/ED25519.test.ts
+++ b/tests/unit/MultifactorAuthentication/ED25519.test.ts
@@ -1,4 +1,3 @@
-import {Buffer} from 'buffer';
 import {TextEncoder} from 'util';
 import {concatBytes, createAuthenticatorData, generateKeyPair, randomBytes, sha256, signToken, utf8ToBytes} from '@libs/MultifactorAuthentication/Biometrics/ED25519';
 import type {MultifactorAuthenticationChallengeObject} from '@libs/MultifactorAuthentication/Biometrics/ED25519/types';
@@ -47,13 +46,12 @@ describe('MultifactorAuthentication Biometrics ED25519 helpers', () => {
             timeout: 60000,
         };
 
-        const result = signToken(challengeObject, privateKey);
+        const result = signToken(challengeObject, privateKey, publicKey);
 
         expect(result.type).toBe(VALUES.ED25519_TYPE);
 
-        // Decode base64URL-encoded rawId to verify it contains the accountID
-        const decodedRawId = Buffer.from(result.rawId.replaceAll('-', '+').replaceAll('_', '/'), 'base64').toString();
-        expect(decodedRawId).toContain(VALUES.KEY_ALIASES.PUBLIC_KEY);
+        // Verify rawId matches the public key
+        expect(result.rawId).toBe(publicKey);
         expect(result.response.authenticatorData).toEqual(expect.any(String));
         expect(result.response.clientDataJSON).toEqual(expect.any(String));
         expect(result.response.signature).toEqual(expect.any(String));
diff --git a/tests/unit/components/MultifactorAuthentication/config/scenarios/index.test.ts b/tests/unit/components/MultifactorAuthentication/config/scenarios/index.test.ts
new file mode 100644
index 0000000000000..fb54de2900428
--- /dev/null
+++ b/tests/unit/components/MultifactorAuthentication/config/scenarios/index.test.ts
@@ -0,0 +1,95 @@
+import MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG from '@components/MultifactorAuthentication/config/scenarios';
+import type {MultifactorAuthenticationScenarioConfigRecord} from '@components/MultifactorAuthentication/config/types';
+import CONST from '@src/CONST';
+import SCREENS from '@src/SCREENS';
+
+describe('MultifactorAuthentication Scenarios Config', () => {
+    /**
+     * Verifies that every scenario config has all required properties via customConfig
+     */
+    it('should have all required properties for every scenario config', () => {
+        const config = MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG as MultifactorAuthenticationScenarioConfigRecord;
+
+        for (const scenarioConfig of Object.values(config)) {
+            // Verify MODALS exists and has cancelConfirmation
+            expect(scenarioConfig).toHaveProperty('MODALS');
+            expect(scenarioConfig.MODALS).toHaveProperty('cancelConfirmation');
+
+            const cancelConfirmation = scenarioConfig.MODALS.cancelConfirmation;
+            expect(cancelConfirmation).toHaveProperty('title');
+            expect(cancelConfirmation).toHaveProperty('description');
+            expect(cancelConfirmation).toHaveProperty('confirmButtonText');
+            expect(cancelConfirmation).toHaveProperty('cancelButtonText');
+
+            // Verify OUTCOMES exists and has all required outcome types
+            expect(scenarioConfig).toHaveProperty('OUTCOMES');
+            expect(scenarioConfig.OUTCOMES).toHaveProperty('success');
+            expect(scenarioConfig.OUTCOMES).toHaveProperty('failure');
+            expect(scenarioConfig.OUTCOMES).toHaveProperty('outOfTime');
+            expect(scenarioConfig.OUTCOMES).toHaveProperty('noEligibleMethods');
+        }
+    });
+
+    /**
+     * Verifies that each outcome in every scenario has all required properties
+     */
+    it('should have all required outcome properties for each outcome type', () => {
+        const config = MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG as MultifactorAuthenticationScenarioConfigRecord;
+
+        const requiredOutcomeProps = ['illustration', 'iconWidth', 'iconHeight', 'padding', 'headerTitle', 'title', 'description'];
+
+        for (const scenarioConfig of Object.values(config)) {
+            for (const outcome of Object.values(scenarioConfig.OUTCOMES)) {
+                for (const prop of requiredOutcomeProps) {
+                    expect(outcome).toHaveProperty(prop);
+                }
+            }
+        }
+    });
+
+    /**
+     * Verifies that every scenario config has required action-related properties
+     */
+    it('should have all required action properties for each scenario', () => {
+        const config = MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG as MultifactorAuthenticationScenarioConfigRecord;
+
+        for (const scenarioConfig of Object.values(config)) {
+            expect(scenarioConfig).toHaveProperty('action');
+            expect(scenarioConfig).toHaveProperty('allowedAuthenticationMethods');
+            expect(scenarioConfig).toHaveProperty('screen');
+            expect(scenarioConfig).toHaveProperty('nativePromptTitle');
+        }
+    });
+
+    /**
+     * Verifies that BIOMETRICS_TEST scenario config is properly configured
+     */
+    it('should have BIOMETRICS_TEST scenario properly configured', () => {
+        const config = MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG as MultifactorAuthenticationScenarioConfigRecord;
+        const biometricsTestScenario = config[CONST.MULTIFACTOR_AUTHENTICATION.SCENARIO.BIOMETRICS_TEST];
+
+        expect(biometricsTestScenario).toBeDefined();
+        expect(biometricsTestScenario.allowedAuthenticationMethods).toStrictEqual([CONST.MULTIFACTOR_AUTHENTICATION.TYPE.BIOMETRICS]);
+        expect(biometricsTestScenario.screen).toBe(SCREENS.MULTIFACTOR_AUTHENTICATION.BIOMETRICS_TEST);
+        expect(biometricsTestScenario.pure).toBe(true);
+        expect(biometricsTestScenario.action).toBeDefined();
+    });
+
+    /**
+     * Verifies that the customConfig properly merges defaults with custom overrides
+     */
+    it('should properly merge default and custom outcome configurations', () => {
+        const config = MULTIFACTOR_AUTHENTICATION_SCENARIO_CONFIG as MultifactorAuthenticationScenarioConfigRecord;
+        const biometricsTestConfig = config[CONST.MULTIFACTOR_AUTHENTICATION.SCENARIO.BIOMETRICS_TEST];
+
+        // Verify that custom success headerTitle is applied
+        expect(biometricsTestConfig.OUTCOMES.success.headerTitle).toBe('multifactorAuthentication.biometricsTest.biometricsTest');
+
+        // Verify that default illustration is preserved
+        expect(biometricsTestConfig.OUTCOMES.success).toHaveProperty('illustration');
+
+        // Verify that other outcomes still have defaults
+        expect(biometricsTestConfig.OUTCOMES.failure.illustration).toBe('HumptyDumpty');
+        expect(biometricsTestConfig.OUTCOMES.outOfTime.illustration).toBe('RunOutOfTime');
+    });
+});
diff --git a/tests/unit/libs/MultifactorAuthentication/Biometrics/Challenge.test.ts b/tests/unit/libs/MultifactorAuthentication/Biometrics/Challenge.test.ts
new file mode 100644
index 0000000000000..ce7db09bd6a81
--- /dev/null
+++ b/tests/unit/libs/MultifactorAuthentication/Biometrics/Challenge.test.ts
@@ -0,0 +1,229 @@
+import type {MultifactorAuthenticationScenarioAdditionalParams} from '@components/MultifactorAuthentication/config/types';
+import * as MFAActions from '@libs/actions/MultifactorAuthentication';
+import MultifactorAuthenticationChallenge from '@libs/MultifactorAuthentication/Biometrics/Challenge';
+import type {MultifactorAuthenticationChallengeObject} from '@libs/MultifactorAuthentication/Biometrics/ED25519/types';
+import * as helpers from '@libs/MultifactorAuthentication/Biometrics/helpers';
+import {PrivateKeyStore, PublicKeyStore} from '@libs/MultifactorAuthentication/Biometrics/KeyStore';
+import VALUES from '@libs/MultifactorAuthentication/Biometrics/VALUES';
+import CONST from '@src/CONST';
+
+// Mock dependencies
+jest.mock('@libs/actions/MultifactorAuthentication');
+jest.mock('@libs/MultifactorAuthentication/Biometrics/ED25519');
+jest.mock('@libs/MultifactorAuthentication/Biometrics/helpers');
+jest.mock('@libs/MultifactorAuthentication/Biometrics/KeyStore');
+
+const mockedChallengeObject: MultifactorAuthenticationChallengeObject = {
+    allowCredentials: [],
+    rpId: 'example.com',
+    challenge: 'test-challenge',
+    userVerification: 'required',
+    timeout: 7000,
+};
+
+const mockHelpers = jest.mocked(helpers);
+const mockPrivateKeyStore = jest.mocked(PrivateKeyStore);
+const mockPublicKeyStore = jest.mocked(PublicKeyStore);
+const mockMFAActions = jest.mocked(MFAActions);
+
+describe('MultifactorAuthenticationChallenge', () => {
+    const mockScenario = CONST.MULTIFACTOR_AUTHENTICATION.SCENARIO.BIOMETRICS_TEST;
+    const mockParams: MultifactorAuthenticationScenarioAdditionalParams<typeof mockScenario> = {};
+    const mockAccountID = 12345;
+
+    beforeEach(() => {
+        jest.clearAllMocks();
+    });
+
+    describe('constructor', () => {
+        it('should initialize challenge instance with scenario and params', () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+            expect(challenge).toBeDefined();
+        });
+
+        it('should accept optional keystore options', () => {
+            const options = {nativePromptTitle: 'Test Prompt'};
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, options);
+            expect(challenge).toBeDefined();
+        });
+    });
+
+    describe('request method', () => {
+        it('should successfully request a challenge from the server', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            // Mock the requestAuthenticationChallenge function
+            mockMFAActions.requestAuthenticationChallenge.mockResolvedValueOnce({
+                challenge: mockedChallengeObject,
+                httpCode: 200,
+                publicKeys: ['key1', 'key2'],
+                reason: VALUES.REASON.BACKEND.CHALLENGE_GENERATED,
+            });
+
+            const result = await challenge.request();
+
+            expect(result).toEqual({
+                value: true,
+                reason: VALUES.REASON.CHALLENGE.CHALLENGE_RECEIVED,
+            });
+        });
+
+        it('should handle bad token error', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            mockMFAActions.requestAuthenticationChallenge.mockResolvedValueOnce({
+                challenge: undefined,
+                publicKeys: undefined,
+                httpCode: 400,
+                reason: VALUES.REASON.BACKEND.UNKNOWN_RESPONSE,
+            });
+
+            const result = await challenge.request();
+
+            expect(result.value).toBe(true);
+            expect(result.reason).toBe(VALUES.REASON.CHALLENGE.COULD_NOT_RETRIEVE_A_CHALLENGE);
+        });
+    });
+
+    describe('sign method', () => {
+        it('should return error if challenge is not requested yet', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            const result = await challenge.sign(mockAccountID);
+
+            expect(result.value).toBe(false);
+            expect(result.reason).toBe(VALUES.REASON.CHALLENGE.CHALLENGE_MISSING);
+        });
+
+        it('should return error if challenge is already signed', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            // Mock request
+            mockMFAActions.requestAuthenticationChallenge.mockResolvedValueOnce({
+                challenge: mockedChallengeObject,
+                publicKeys: ['key1'],
+                httpCode: 200,
+                reason: VALUES.REASON.BACKEND.CHALLENGE_GENERATED,
+            });
+
+            await challenge.request();
+
+            // Mock isChallengeSigned to return true
+            mockHelpers.isChallengeSigned.mockReturnValueOnce(true);
+
+            const result = await challenge.sign(mockAccountID);
+
+            expect(result.value).toBe(false);
+            expect(result.reason).toBe(VALUES.REASON.CHALLENGE.CHALLENGE_ALREADY_SIGNED);
+        });
+
+        it('should handle missing private key', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            // Mock request
+            mockMFAActions.requestAuthenticationChallenge.mockResolvedValueOnce({
+                challenge: mockedChallengeObject,
+                publicKeys: ['key1'],
+                httpCode: 200,
+                reason: VALUES.REASON.BACKEND.CHALLENGE_GENERATED,
+            });
+
+            await challenge.request();
+
+            // Mock isChallengeSigned to return false
+            mockHelpers.isChallengeSigned.mockReturnValueOnce(false);
+
+            // Mock private key retrieval failure
+            mockPrivateKeyStore.get.mockResolvedValueOnce({
+                value: null,
+                reason: VALUES.REASON.KEYSTORE.KEY_NOT_FOUND,
+            });
+
+            const result = await challenge.sign(mockAccountID);
+
+            expect(result.value).toBe(false);
+            expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_NOT_FOUND);
+        });
+
+        it('should delete keys if public key is missing from backend', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            // Mock request
+            mockMFAActions.requestAuthenticationChallenge.mockResolvedValueOnce({
+                challenge: mockedChallengeObject,
+                httpCode: 200,
+                publicKeys: ['backend-key'],
+                reason: VALUES.REASON.BACKEND.CHALLENGE_GENERATED,
+            });
+
+            await challenge.request();
+
+            // Mock isChallengeSigned to return false
+            mockHelpers.isChallengeSigned.mockReturnValueOnce(false);
+
+            // Mock private key retrieval success
+            mockPrivateKeyStore.get.mockResolvedValueOnce({
+                value: 'private-key-value',
+                reason: VALUES.REASON.KEYSTORE.KEY_RETRIEVED,
+            });
+
+            // Mock public key retrieval with different key
+            mockPublicKeyStore.get.mockResolvedValueOnce({
+                value: 'different-key',
+                reason: VALUES.REASON.KEYSTORE.KEY_RETRIEVED,
+            });
+
+            const result = await challenge.sign(mockAccountID);
+
+            expect(result.value).toBe(false);
+            expect(result.reason).toBe(VALUES.REASON.KEYSTORE.REGISTRATION_REQUIRED);
+            // eslint-disable-next-line @typescript-eslint/unbound-method
+            expect(mockPrivateKeyStore.delete).toHaveBeenCalledWith(mockAccountID);
+            // eslint-disable-next-line @typescript-eslint/unbound-method
+            expect(mockPublicKeyStore.delete).toHaveBeenCalledWith(mockAccountID);
+        });
+    });
+
+    describe('send method', () => {
+        it('should return error if challenge is not signed', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            const result = await challenge.send();
+
+            expect(result.value).toBe(false);
+            expect(result.reason).toBe(VALUES.REASON.GENERIC.SIGNATURE_MISSING);
+        });
+
+        it('should process scenario with signed challenge', async () => {
+            const challenge = new MultifactorAuthenticationChallenge(mockScenario, mockParams, {nativePromptTitle: 'Test'});
+
+            // Mock request and helpers
+            mockMFAActions.requestAuthenticationChallenge.mockResolvedValueOnce({
+                challenge: mockedChallengeObject,
+                httpCode: 200,
+                publicKeys: ['key1'],
+                reason: VALUES.REASON.BACKEND.CHALLENGE_GENERATED,
+            });
+
+            mockHelpers.isChallengeSigned.mockReturnValueOnce(true);
+
+            // Mock processScenario
+            mockHelpers.processScenario.mockResolvedValueOnce({
+                reason: VALUES.REASON.BACKEND.AUTHORIZATION_SUCCESSFUL,
+                value: undefined,
+                step: {
+                    wasRecentStepSuccessful: true,
+                    isRequestFulfilled: true,
+                    requiredFactorForNextStep: undefined,
+                },
+            });
+
+            await challenge.request();
+
+            const result = await challenge.send();
+
+            expect(result.value).toBe(true);
+            expect(result.reason).toBe(VALUES.REASON.BACKEND.AUTHORIZATION_SUCCESSFUL);
+        });
+    });
+});
diff --git a/tests/unit/libs/MultifactorAuthentication/Biometrics/KeyStore.test.ts b/tests/unit/libs/MultifactorAuthentication/Biometrics/KeyStore.test.ts
new file mode 100644
index 0000000000000..30c5a5d33c21c
--- /dev/null
+++ b/tests/unit/libs/MultifactorAuthentication/Biometrics/KeyStore.test.ts
@@ -0,0 +1,164 @@
+import {PrivateKeyStore, PublicKeyStore} from '@libs/MultifactorAuthentication/Biometrics/KeyStore';
+import {SECURE_STORE_METHODS} from '@libs/MultifactorAuthentication/Biometrics/SecureStore';
+import VALUES from '@libs/MultifactorAuthentication/Biometrics/VALUES';
+
+jest.mock('@libs/MultifactorAuthentication/Biometrics/SecureStore');
+
+const mockedSecureStoreMethods = jest.mocked(SECURE_STORE_METHODS);
+
+// Mock the SECURE_STORE_METHODS
+jest.mock('@libs/MultifactorAuthentication/Biometrics/SecureStore', () => ({
+    SECURE_STORE_METHODS: {
+        getItemAsync: jest.fn(),
+        setItemAsync: jest.fn(),
+        deleteItemAsync: jest.fn(),
+        canUseBiometricAuthentication: jest.fn(() => true),
+        canUseDeviceCredentialsAuthentication: jest.fn(() => true),
+    },
+    SECURE_STORE_VALUES: {
+        WHEN_PASSCODE_SET_THIS_DEVICE_ONLY: 'WHEN_PASSCODE_SET_THIS_DEVICE_ONLY',
+        AUTH_TYPE: {
+            BIOMETRIC: {CODE: 'biometric', NAME: 'Biometric'},
+            DEVICE_CREDENTIAL: {CODE: 'device_credential', NAME: 'Device Credential'},
+        },
+    },
+}));
+
+jest.mock('@libs/MultifactorAuthentication/Biometrics/helpers', () => ({
+    decodeExpoMessage: jest.fn(() => 'decoded-error-reason'),
+}));
+
+describe('MultifactorAuthentication KeyStore', () => {
+    const mockAccountID = 12345;
+    const mockKey = 'test-key-value';
+    const mockOptions = {nativePromptTitle: 'Test Prompt'};
+
+    beforeEach(() => {
+        jest.clearAllMocks();
+    });
+
+    describe('PrivateKeyStore', () => {
+        describe('set method', () => {
+            it('should save a private key successfully', async () => {
+                mockedSecureStoreMethods.setItemAsync.mockResolvedValueOnce('biometric');
+
+                const result = await PrivateKeyStore.set(mockAccountID, mockKey, {nativePromptTitle: 'Test'});
+
+                expect(result.value).toBe(true);
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_SAVED);
+                expect(result.type).toBe('biometric');
+                expect(mockedSecureStoreMethods.setItemAsync).toHaveBeenCalled();
+            });
+
+            it('should handle save errors', async () => {
+                mockedSecureStoreMethods.setItemAsync.mockRejectedValueOnce(new Error('Save failed'));
+
+                const result = await PrivateKeyStore.set(mockAccountID, mockKey, {nativePromptTitle: 'Test'});
+
+                expect(result.value).toBe(false);
+            });
+
+            it('should pass options to secure store', async () => {
+                mockedSecureStoreMethods.setItemAsync.mockResolvedValueOnce('biometric');
+
+                await PrivateKeyStore.set(mockAccountID, mockKey, mockOptions);
+
+                expect(mockedSecureStoreMethods.setItemAsync).toHaveBeenCalled();
+            });
+        });
+
+        describe('get method', () => {
+            it('should retrieve a stored private key', async () => {
+                mockedSecureStoreMethods.getItemAsync.mockResolvedValueOnce([mockKey, 'biometric']);
+
+                const result = await PrivateKeyStore.get(mockAccountID, {nativePromptTitle: 'Test'});
+
+                expect(result.value).toBe(mockKey);
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_RETRIEVED);
+                expect(result.type).toBe('biometric');
+            });
+
+            it('should return KEY_NOT_FOUND when key is null', async () => {
+                mockedSecureStoreMethods.getItemAsync.mockResolvedValueOnce([null, undefined]);
+
+                const result = await PrivateKeyStore.get(mockAccountID, {nativePromptTitle: 'Test'});
+
+                expect(result.value).toBeNull();
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_NOT_FOUND);
+            });
+
+            it('should handle retrieval errors', async () => {
+                mockedSecureStoreMethods.getItemAsync.mockRejectedValueOnce(new Error('Retrieval failed'));
+
+                const result = await PrivateKeyStore.get(mockAccountID, {nativePromptTitle: 'Test'});
+
+                expect(result.value).toBeNull();
+            });
+        });
+
+        describe('delete method', () => {
+            it('should delete a private key successfully', async () => {
+                mockedSecureStoreMethods.deleteItemAsync.mockResolvedValueOnce(undefined);
+
+                const result = await PrivateKeyStore.delete(mockAccountID);
+
+                expect(result.value).toBe(true);
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_DELETED);
+            });
+
+            it('should handle deletion errors', async () => {
+                mockedSecureStoreMethods.deleteItemAsync.mockRejectedValueOnce(new Error('Deletion failed'));
+
+                const result = await PrivateKeyStore.delete(mockAccountID);
+
+                expect(result.value).toBe(false);
+            });
+        });
+
+        describe('supportedAuthentication property', () => {
+            it('should return available authentication methods', () => {
+                const supported = PrivateKeyStore.supportedAuthentication;
+
+                expect(supported).toEqual({
+                    biometrics: true,
+                    credentials: true,
+                });
+            });
+        });
+    });
+
+    describe('PublicKeyStore', () => {
+        describe('set method', () => {
+            it('should save a public key successfully', async () => {
+                mockedSecureStoreMethods.setItemAsync.mockResolvedValueOnce('device_credential');
+
+                const result = await PublicKeyStore.set(mockAccountID, mockKey);
+
+                expect(result.value).toBe(true);
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_SAVED);
+            });
+        });
+
+        describe('get method', () => {
+            it('should retrieve a stored public key', async () => {
+                mockedSecureStoreMethods.getItemAsync.mockResolvedValueOnce([mockKey, 'device_credential']);
+
+                const result = await PublicKeyStore.get(mockAccountID);
+
+                expect(result.value).toBe(mockKey);
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_RETRIEVED);
+            });
+        });
+
+        describe('delete method', () => {
+            it('should delete a public key successfully', async () => {
+                mockedSecureStoreMethods.deleteItemAsync.mockResolvedValueOnce(undefined);
+
+                const result = await PublicKeyStore.delete(mockAccountID);
+
+                expect(result.value).toBe(true);
+                expect(result.reason).toBe(VALUES.REASON.KEYSTORE.KEY_DELETED);
+            });
+        });
+    });
+});
diff --git a/tests/unit/libs/MultifactorAuthentication/Biometrics/Observer.test.ts b/tests/unit/libs/MultifactorAuthentication/Biometrics/Observer.test.ts
new file mode 100644
index 0000000000000..6da4d177c9509
--- /dev/null
+++ b/tests/unit/libs/MultifactorAuthentication/Biometrics/Observer.test.ts
@@ -0,0 +1,109 @@
+import MultifactorAuthenticationObserver from '@libs/MultifactorAuthentication/Biometrics/Observer';
+import {MultifactorAuthenticationCallbacks} from '@libs/MultifactorAuthentication/Biometrics/VALUES';
+
+describe('MultifactorAuthenticationObserver', () => {
+    beforeEach(() => {
+        // Clear all callbacks before each test
+        MultifactorAuthenticationCallbacks.onFulfill = {};
+    });
+
+    describe('registerCallback', () => {
+        it('should register a callback with an ID', () => {
+            const testId = 'test-callback-id';
+            const testCallback = jest.fn();
+
+            MultifactorAuthenticationObserver.registerCallback(testId, testCallback);
+
+            expect(MultifactorAuthenticationCallbacks.onFulfill[testId]).toBe(testCallback);
+        });
+
+        it('should allow multiple callbacks to be registered', () => {
+            const callback1 = jest.fn();
+            const callback2 = jest.fn();
+
+            MultifactorAuthenticationObserver.registerCallback('id-1', callback1);
+            MultifactorAuthenticationObserver.registerCallback('id-2', callback2);
+
+            expect(MultifactorAuthenticationCallbacks.onFulfill['id-1']).toBe(callback1);
+            expect(MultifactorAuthenticationCallbacks.onFulfill['id-2']).toBe(callback2);
+        });
+
+        it('should overwrite existing callback with same ID', () => {
+            const callback1 = jest.fn();
+            const callback2 = jest.fn();
+            const testId = 'same-id';
+
+            MultifactorAuthenticationObserver.registerCallback(testId, callback1);
+            MultifactorAuthenticationObserver.registerCallback(testId, callback2);
+
+            expect(MultifactorAuthenticationCallbacks.onFulfill[testId]).toBe(callback2);
+        });
+
+        it('should handle callback function execution', () => {
+            const testId = 'executable-callback';
+            const testCallback = jest.fn(() => 'test-result');
+
+            MultifactorAuthenticationObserver.registerCallback(testId, testCallback);
+
+            const storedCallback = MultifactorAuthenticationCallbacks.onFulfill[testId];
+            const result = storedCallback();
+
+            expect(testCallback).toHaveBeenCalled();
+            expect(result).toBe('test-result');
+        });
+
+        it('should accept callbacks that return different types', () => {
+            const stringCallback = jest.fn(() => 'string-result');
+            const numberCallback = jest.fn(() => 42);
+            const objectCallback = jest.fn(() => ({result: 'object'}));
+
+            MultifactorAuthenticationObserver.registerCallback('string-id', stringCallback);
+            MultifactorAuthenticationObserver.registerCallback('number-id', numberCallback);
+            MultifactorAuthenticationObserver.registerCallback('object-id', objectCallback);
+
+            expect(MultifactorAuthenticationCallbacks.onFulfill['string-id']()).toBe('string-result');
+            expect(MultifactorAuthenticationCallbacks.onFulfill['number-id']()).toBe(42);
+            expect(MultifactorAuthenticationCallbacks.onFulfill['object-id']()).toEqual({result: 'object'});
+        });
+
+        it('should handle callbacks with side effects', () => {
+            const state = {counter: 0};
+            const incrementCallback = jest.fn(() => {
+                state.counter++;
+            });
+
+            MultifactorAuthenticationObserver.registerCallback('increment', incrementCallback);
+
+            MultifactorAuthenticationCallbacks.onFulfill.increment();
+
+            expect(state.counter).toBe(1);
+        });
+    });
+
+    describe('callback storage', () => {
+        it('should maintain callback registry across multiple operations', () => {
+            const callbacks = [
+                {id: 'cb-1', fn: jest.fn()},
+                {id: 'cb-2', fn: jest.fn()},
+                {id: 'cb-3', fn: jest.fn()},
+            ];
+
+            for (const {id, fn} of callbacks) {
+                MultifactorAuthenticationObserver.registerCallback(id, fn);
+            }
+
+            for (const {id, fn} of callbacks) {
+                expect(MultifactorAuthenticationCallbacks.onFulfill[id]).toBe(fn);
+            }
+        });
+
+        it('should allow querying registered callbacks', () => {
+            const testId = 'query-test';
+            const testCallback = jest.fn();
+
+            MultifactorAuthenticationObserver.registerCallback(testId, testCallback);
+
+            expect(testId in MultifactorAuthenticationCallbacks.onFulfill).toBe(true);
+        });
+    });
+});