Action API Method Difference Between 'api.multifactor.enable' and 'api.authentication.challengeWithAny'

Problem statement

The API documentation for Post-Login Actions mentions these two methods related to MFA:

  • api.authentication.challengeWithAny
  • api.multifactor.enable(provider, options)

What is the difference between these two methods when triggering MFA?


The difference between these two methods is covered in more detail on the documentation page here. In addition to the above documentation, here are some additional details regarding these methods:

For the api.multifactor.enable(), the supported providers are the following:

  • “any” Use any of the configured challenges.
  • “duo” Use the Duo multifactor provider.
  • “google-authenticator” Use the Google Authenticator provider.
  • “guardian” Use the Guardian provider.
  • “none” Use none of the configured challenges to prevent the MFA flow from triggering.

If the goal is to enable MFA challenges(“any”) or either “duo”, “google-authenticator”, or “guardian”, then call the api.multifactor.enable().

When using the api.authentication.challengeWithAny it will enable a group of factors in one call; below is what a sample call looks like:

api.authentication.challengeWithAny([{ type: 'sms'}, { type: 'push-notification' }]);