For compliance reasons, I must force/enable all tenant admins to use MFA with a custom password policy. I didn’t find any place in Auth0 that allows doing so.
Is that possible? If so, how?
Please note I’m talking about tenant admins - I know how to set it up for a specific connection/authentication, but I’m looking to do so for our internal admin users.
At this time, the enrolment of MFA by a tenant admin is an opt-in choice made by each admin and it is not currently enforceable. I believe that the ability to enforce MFA as well as other policies for the tenant admins that access certain tenants is something on the roadmap of Auth0 Teams (https://auth0.com/docs/get-started/tenant-settings/auth0-teams), but I don’t think it’s available yet.
For an enterprise subscription, a possible approach would be to request the configuration of SSO with the customer identity provider; this way both MFA and password policy could be controlled upstream. However, this would still imply that tenant admins logging in through SSO would not invite admins that log in through other means, as otherwise it would be back to square one.