Problem statement
After setting up Adaptive MFA, there is a new assessor called PhoneNumber Assessment, which appears to only return the following assessment during a normal username/password login transaction. The phone assessment looks like the following:
"PhoneNumber": {
"confidence": "neutral",
"code": "phone_number_not_provided"
}
Does this new assessor impact how Adaptive MFA functions for regular user logins that do not involve a phone number? Additionally, does Adaptive MFA review the phone numbers input for Phone Message MFA and deliver a confidence score?
Cause
The new “PhoneNumber assessment” is used in the login flow where the phone number is the main identifier of the user, such as the SMS Passwordless connection.
Solution
In a standard username/password login flow, it is expected that the assessment result will be phone_number_not_provided. Additionally, Adaptive MFA’s Phone Number Assessment will only evaluate SMS Passwordless authentication at this time, the phone number input for SMS/Phone Message MFA is not evaluated by Adaptive MFA.
If this additional functionality would be useful, please consider opening a Feature Request on the Auth0 Community site which is regularly reviewed by the Auth0 Product Team.