Guardian MFA, Custom domains and blocking 3. party cookies

Maybe its me who can’t find the documentation or the setting, but i can’t get Guardian MFA,custom domains and blocking 3 party cookies to work.

Blocking 3. party cookies is required - we can’t ask our users to allow 3. party cookies and we can’t ask them not to use MFA.

So with that said here is the problem:

When enabling a custom domain, the login happens on login.ourdomain.com - all good so far.
But the mfa-widget-1.5.js apparently connects to ourauth0domain.guardian.com and something then sets a cookie there with the domain ourauth0domain.guardian.com. This is obviously blocked because it is a third party cookie (originating from an root domain different from our login domain)

So did i miss a configuration, a section of the documentation that states, that MFA, custom domains and third party cookies are a show stopper or is the system just plain broken because no one considered this scenario?

Can anyone shed some light on the issue?

Edit: Ok, so after a little fiddeling i realized i can change this
" mfaServerUrl: “{{ mfaServerUrl }}”,"
to this "mfaServerUrl: “https://logintest.ourdomain.com/guardian/” in the Guardian Multifactor hosted page.

So where in the documentation does it state that you have to do this to get custom domains, MFA an TPC to work?

1 Like

Thanks Thornton this was helpful. It’s frustrating that we need to use a custom Guardian MFA hosted page to support custom domains in Auth0. Seems like a feature that should be supported by the hosted page without having to now maintain a custom MFA hosted page.