Hi @rdlou,
Welcome to the Auth0 Community!
If the user enrolling in MFA using an authenticator app is not part of an organization, the label will take the value of the friendly name of the tenant. If the user is part of an organization the label will take the value of the friendly name of the organization he’s authenticating for.
This is similar to how in Google or Microsoft, no matter what application of theirs you’re trying to sign in to, they’re still all managed by their respective corporation. This is because in Auth0, the account is not bound by application, but by tenant, or if an organization owns the account, by the organization.
If you have any other question feel free to reach out.
Have a good one,
Vlad