*Updated on February 1, 2024
Hello everyone!
As part of Okta’s focus on Identity security, we wanted to share some guidance on implementing industry standards to help keep your dashboard user accounts secure.
What is changing?
Starting on February 1, 2024, dashboard users for Auth0 Dashboard, Teams, or Auth0 Support Center who use any of the below login methods will be required to complete a Multi-Factor Authentication (MFA) to login to Auth0:
- Username and password
- Google social connection
- LinkedIn social connection
- Github social connection
- Microsoft account social connection
What action do you need to take?
If not already enrolled for MFA, such users would be required to pick one MFA method from the list below and complete the enrollment process before they can login:
- One-time password with Google Authenticator
- Push notification using Auth0 Guardian
Already enrolled? Great! You can further secure your account by adding multiple authentication factors — a smart move if you ever lose access to one of the factors.
Additional Resources
Note: Users that are having issues enrolling into MFA should make sure the browser allows popup from auth0.com.
Ready to start using MFA as part of a more secure login flow? You can configure it in your user profile.
Read more about how to configure Multi-Factor Authentication for Dashboard Users.
Need to request an MFA reset? Review this post.
Frequently Asked Questions
1. Would this affect end user applications or websites configured to use Auth0?
This change applies to your Auth0 account login and does not impact applications or websites you have configured with Auth0.
2. We use our enterprise IdP connection to access Auth0 dashboards, would we be required to enroll into MFA?
No, this only affects dashboard users using one of the following means to access the Auth0 Apps:
-
Username and password
-
Google social connection
-
Linkedin social connection
-
Github social connection
-
Microsoft account social connection
3. Can I enroll into more than one factor?
Yes, you can add or replace factors by accessing your user profile page. We recommend dashboard users have more than one factor active, this helps if you lose access to one of the factors.
4. What happens if I already have MFA turned on from my social connection account?
Auth0 dashboard will prompt you for MFA every 24 hours. Depending on how frequently your social connection account prompts you for MFA, you might be challenged twice, one by your social connection account and one by the Auth0 Dashboard.
Feel free to comment down below if you have any questions.