Abstract: Multi-factor authentication workflow management with distributed access is disclosed, including: receiving, from a device, a request to complete a multi-factor authentication (MFA) process for an account at a source service platform; verifying, based at least in part on a security policy, that a user associated with the request is included in a set of authorized users that is permitted to access an encrypted secret key corresponding to the account at the source service platform; determining that a received key share included in the request can be combined with a stored key share to decrypt the encrypted secret key; and causing a passcode corresponding to the MFA process for the account at the source service platform to be generated for the device based at least in part on the decrypted secret key.