I am trying to implement a 2FA using phone number to an existing application to enhance the security. I already have phone numbers of the users stored while creating the profile for them in my web app. Can I use the same number to register for the MFA so that next time user tries to login, it will send the OTP directly to that number without asking the number from the user again?
User currently can edit the profile in my web app and edit the phone number, but I want to trigger the 2FA authentication again while editing the phone number. How can I conditionally trigger the 2FA? Can someone provide a guide or links to tutorials of such? Any help would be appreciated. Thanks
Can I use the same number to register for the MFA so that the next time the user tries to log in, it will send the OTP directly to that number without asking the number from the user again?
If the users are already enrolled in the MFA phone number in the first login, to remove the request for entering the phone number again in the future login, please check the details in this FAQ (Configuring MFA Flow to require MFA once per session with Actions`). The max for user logging in without re-entering the phone number is 30 days.
If the users are not enrolled in the MFA phone number yet and you want to update the MFA phone number with the number on the user profile, you may bulk export user profile as a JSON file, add the mfa_factor section, and then bulk import the updated JSON file.
"mfa_factors": [
{
"phone": {
"value": "+15551112233" //the number on user profile.
}
}
]