Account Locked: MFA Resets Requests

MFA Reset Request Process Summary

The aim of this FAQ is to help both you and us in handling MFA resets request in a more convenient and faster way.

In general, it’s important to enroll in multiple MFA methods for Dashboard Admins, and leverage the ability to regenerate the recovery code.

The following factors can be configured from the Profile page, and we highly recommend to enroll at least 2 of them and as many as possible:

  • WebAuthn with FIDO security keys : WebAuthn roaming authenticators are removable and cross-platform, like a Yubikey, and can be used on multiple devices. To authenticate with a roaming authenticator, users must connect the authenticator to their device (through USB, NFC, or Bluetooth) and provide proof of presence (by touching it, for example).
  • WebAuthn with device biometrics : WebAuthn platform authenticators are attached to a device and work on that device only. Examples are the MacBook Touch Bar, Windows Hello, iOS Touch ID or Face ID, and Android fingerprint or face recognition. Because they work on the attached device only, a user must have at least one other factor enrolled in their profile before enrolling device biometrics.
  • Push notification via Guardian : Sends push notifications to a user’s pre-registered device, typically a mobile phone or tablet. The user can immediately allow or deny account access with a button press. The push factor is available with the Guardian mobile app for iOS and Android.
  • One-time passwords (OTP) : Allows a user to use an authenticator app (such as Google Authenticator) on their personal device. The app generates an OTP that changes over time and can be entered as a second factor to validate the account.
  • SMS notification : Sends a one-time code over SMS. Auth0 then prompts the user to enter this code before they can complete authentication.

Please make sure your Recovery Code is stored in a secure place, like a password manager. If you haven’t done so already, you can regenerate your Recovery Code to store it now.

Filing a MFA Reset Request:

Please do follow this steps once you need to make such request

If you are using a free plan

  • Send @support a private message with
    • Your tenant name
    • Email of a user you request the reset for
    • Tenant admin email address
    • Short info on what happened
  • After we receive it and do some checks we’ll need to confirm you identity
  • Once it’s confirmed on behalf of you we’ll open a support ticket and someone from our Developer Support Team will do the final reset for you

If you are a paying customer (developer, developer pro, enterprise plans)

  • Open a support ticket filling every info that you feel is needed, describing what happened and attaching your tenant name and tenant admin email address
  • From then on someone from Developer Support Team will confirm your identity and handle the rest for you.

Thank you for your co-operation!

Supporting Documentation: Managing Auth0 Dashboard Admins and MFA

7 Likes