Account Locked: MFA Reset Requests

Last Updated: Aug 2, 2024

Overview

This article explains how to handle MFA reset requests when an account is locked.

In general, Dashboard Admins should enroll in multiple MFA methods and make use of the ability to regenerate the recovery code.

The following factors can be configured from the Profile page. It is highly recommended to enroll in at least 2 of them, and in as many as possible:

  • WebAuthn with FIDO security keys: WebAuthn roaming authenticators are removable and cross-platform, like a Yubikey, and can be used on multiple devices. To authenticate with a roaming authenticator, users must connect the authenticator to their device (through USB, NFC, or Bluetooth) and provide proof of presence (by touching it, for example).
  • WebAuthn with device biometrics: WebAuthn platform authenticators are attached to a device and work on that device only. Examples are the MacBook Touch Bar, Windows Hello, iOS Touch ID or Face ID, and Android fingerprint or face recognition. Because they work on the attached device only, a user must have at least one other factor enrolled in their profile before enrolling in device biometrics.
  • Push notification via Guardian: This service sends push notifications to a user’s pre-registered device, typically a mobile phone or tablet. With a button press, the user can immediately allow or deny account access. The push factor is available with the Guardian mobile app for iOS and Android.
  • One-time passwords (OTP): Allows users to use an authenticator app (such as Google Authenticator) on their personal devices. The app generates an OTP that changes over time and can be entered as a second factor to validate the account.
  • SMS notification: Auth0 sends a one-time code over SMS and prompts the user to enter it before they can complete authentication.

NOTE: Store the recovery code in a secure place, like a password manager. If it has not been stored, regenerate the recovery code and store it now.

Applies To

  • Multifactor Authentication (MFA)

Solution

Filing an MFA Reset Request:
Follow the video or steps below based on the account type.

Free account

  1. Send @support a private message with the email address and tenant of the account.
  2. Once submitted, a support ticket will be opened, and the Developer Support Team will verify the request and proceed.

Paid account

  1. Open a support ticket describing what happened and attach the tenant name and tenant admin email address.
  2. The Developer Support Team will confirm the identity and handle the request.
  3. If access to support.auth0.com is unavailable, follow the instructions for the free plan.
