Allow a Tenant to force all Auth0 Dashboard users to have MFA active

Feature:

Allow a Tenant to force all Auth0 Dashboard users to have MFA active.

Description:

I would like to enforce that MFA is active for all users of the Auth0 Dashboard that can see and modify how our Auth0 Tenant is configured. Any users that do not have MFA active should be unable to access the dashboard until their MFA is setup.

It is undesirable to need to regularly check the Auth0 Dashboard manually to ensure all dashboard users currently have MFA enabled and to chase any users without MFA to enable it.

This request was originally raised a support ticket, but I was informed it was currently a product feature request with no ETA and that raising it here was the preferred way to upvote this product request priority. See also Enforce MFA for Dashboard Admins

Use-case:

Auth0 is a primary authentication mechanism for a service provided to our customers that expect PCI and SOC2 compliance so we want to ensure that the ability to modify how auth is performed is subject to strong security checks.

Hey there @jasonsection - Welcome to the community and thanks for the feedback! We do monitor these closely for community engagement, so hopefully this gets some votes from other members :crossed_fingers:

I’m somewhat surprised this isn’t already an option for a security/identity focussed platform such as Auth0, especially given we’re able to enforce MFA for customers.

Another option is setting up SSO for business users and enforcing strong authentication requirements in your internal IdP, but as invites can be accepted by recipients using any of the available login methods that doesn’t guarantee that tenant members will always be covered by those requirements. The only way I can see to guard against this is regularly auditing the lists of tenant members and their IdP - which is time consuming and will end up getting overlooked.

The thread linked above included a statement suggesting this was in the works in 2017, are there any updates available?