Auth0 ACUL doesn't allow for customization of `mfa-otp-challenge`

Hello!

I’m working on a very specific feature for a flow that we should only be invoking if a user is going through the MFA OTP or the MFA SMS screens. I’m looking to simply customize the screen to add a link that directs back to our website that allows us to use a third-party SDK to validate their identity.

All that to say, all I want to do is modify the mfa-otp-challenge and mfa-sms-challenge screens by adding said small link to the page. I’ve been using the auth0-cli with the acul to try and find these screens to add and so far I’ve had no luck in trying to get it working.

Within the CLI for acul I’ve run init and add to try and find the screens and so far they don’t return anything other than the mfa-sms-challenge and mfa-email-challenge screens, which don’t seem to be what I need. However, I cannot even get them to load on the page. The only screen I’ve gotten is the login-id screen in the non-connected version.

Command:

auth0 acul dev -c -s all

Which returns an error within the console saying

Uncaught Error: Universal Login Context is not available on the global window object.

I’m unsure what I’m doing wrong as I can get the login-id screen to work without the -c command, but even specifying a screen with the -s only loads login-id. I’ve made sure to run auth0 acul screen add … for each screen I want but having no luck there either.

Please let me know if there is something I’m missing or there is something more I need to do. There is plenty of documentation about what I need to customize that is leading to 404 pages which are never helpful.

1 Like

Hey, did you manage to find the solution/answer?

Hi @mike.huebner

Welcome to the Auth0 Community!

I am sorry about the delayed response to your issue!

What are the add commands you have used in order to add the aforementioned screens?
The commands should be:

  auth0 acul screen add mfa-otp mfa-otp-challenge -d {{ACUL_APP}}
  auth0 acul screen add mfa-sms / mfa-sms-challenge -d {{ACUL_APP}}

Additionally, just to double check, have you checked our documentation on setting up ACUL and have you authenticated against your tenant via auth0 login?

Alternatively, you can try running these commands to save the templates locally:

auth0 acul screens show mfa-otp-challenge > mfa-otp-challenge.html
auth0 acul screens show mfa-sms-challenge > mfa-sms-challenge.html

Once you have done so, you should be able to modify the files in order to add your custom links and deploy them using:

auth0 acul screens update mfa-otp-challenge --html mfa-otp-challenge.html
auth0 acul screens update mfa-sms-challenge --html mfa-sms-challenge.html

If you can provide some additional information as to how you have configured the ACUL CLI, that would be helpful to troubleshoot the issue that you are having.

Kind Regards,
Nik

1 Like

@harshalrj25 - this is worth knowing for our implementation too

This is what I get when I run the auth0 acul screen add mfa-otp mfa-otp-challenge

Unsupported screens: mfa-otp, mfa-otp-challenge

I’m running the other ones now to see if I get the same.

The auth0 acul screens show mfa-otp-challenge > mfa-otp-challenge.html gives me a file that says this

Customize the Universal Login experience. This requires a custom domain to be configured for the tenant.

Usage:

auth0 acul [parameters…] [flags]

Available Resources:

config Configure Advanced Customizations for Universal Login screens.

init Generate a new ACUL project from a template

screen Manage individual screens for Advanced Customizations for Universal Login.

dev Start development mode for ACUL project with automatic building and asset watching.

Flags:

-h, --help Help for acul.

Global Flags:

  --debug           Enable debug mode.

  --no-color        Disable colors.

  --no-input        Disable interactivity.

  --tenant string   Specific tenant to use. (default "-----")

Use “auth0 acul [command] --help” for more information about a command.

Thanks for the extra info @mike.huebner

Indeed, to use ACUL, you are required to configure a custom domain, especially for the more advanced screens.

However, you should still have more available than the login-id one.

I will need some time to investigate the matter and come back with a configuration guide on the matter.

Otherwise, just to double check, have you followed our documentation on ACUL regarding the setup and using an IaC (Auth0 CLI in your case)?

Kind Regards,
Nik

1 Like

Hi again @mike.huebner

I will need some extra time in regards to investigating the customization flow of ACUL. Basically, since it is designed to offer full control over the customizations of UL, it is intended to build the customized screens and prompts from scratch. I will provide some clarifications on the flow once I complete the tests on my side.

Otherwise, if you are using Auth0 CLI, you can run the auth0 ul customize in order to open a live editor for all of your available screens and prompts. Please take into consideration that both of these features require you to have an active Custom Domain on your Auth0 tenant.

Once you run the command, please select the Standard mode since the Advanced one will be deprecated on 2026-06-15 even though it is recommended for full customization and granular control.

You will be able to add a custom link as you have mentioned above, however, it will be outside of the designated widget of the selected prompt/screen.

Please let me know if the proposed solution is useful for your use case at this time or if you wish to continue with ACUL so I can provide as much information as possible regarding its configuration.

Kind Regards,
Nik

Hi @mike.huebner

I can see that you have opened a support ticket on the matter. Unfortunately, I have not been able to finish the tests on my side regarding ACUL.

Since I will be OOO tomorrow, I would recommend keeping in touch with the designated support engineer on the matter and I will sync with them whenever necessary regarding troubleshooting the issue.

If you have any other questions or updates, please let me know!

Kind Regards,
Nik

Hello,

I need urgent help with an MFA reset for my Auth0 dashboard account.

I am completely locked out because my login only offers:

  • Google Authenticator

  • Recovery Code

  • Fingerprint / Face Recognition (which never completes)

I no longer have Google Authenticator or recovery codes, and the biometric option keeps loading forever.
As a result, I cannot access the dashboard, and I also cannot open a support ticket, since the Support Center requires login and the login requires MFA.

I have already tried:

  • multiple browsers and devices

  • clearing passkeys

  • incognito mode

  • all available login URLs

  • contacting Okta/Auth0 sales and support channels

None of these options allow me to bypass MFA or recover access.

This situation has been ongoing for many days, and I am unable to manage my application or my users.

I was instructed to request help here so that the MFA can be reset manually.

Hi @Thomasp123

Welcome to the Auth0 Community!

Please send a DM to the @support group with the tenant name and email address associated with the account in order to submit an MFA reset request on your behalf!

In the future, please open a new topic instead of posting on an unrelated thread, thank you!

Kind Regards,
Nik