For my multi-tenant SaaS application, I am using a separate Application <-> Connection per customer.
Some customers are selectively requesting MFA. How can I enable MFA for a few customers and disable MFA for others? Basically, can I enable/disable MFA per application or per connection?
Hi @kartik.cds
Have you tried Auth0 Organizations? They may apply in your case.
https://auth0.com/docs/organizations
To do your MFA, choose the “Never” option for MFA on the MFA page, and then use a rule to selectively enable MFA. There are several sample rules to choose from to get you started.
John
If using Organizations, you could store this at the organization metadata layer and then use a rule to trigger MFA.
```javascript
function multifactorAuthentication(user, context, callback) {
  // Make sure the rule runs only for the application you are concerned about.
  if (context.clientID === 'REPLACE_WITH_YOUR_CLIENT_ID') {
    // Run MFA for organizations that have a metadata property called "mfa" set to "true".
    // Organization metadata values are strings, hence the comparison against "true".
    if (context.organization &&
        context.organization.metadata &&
        context.organization.metadata.mfa === 'true') {
      context.multifactor = {
        provider: 'any',
        // optional, defaults to true. Set to false to force authentication every time.
        // See https://auth0.com/docs/multifactor-authentication/custom#change-the-frequency-of-authentication-requests for details
        allowRememberBrowser: false
      };
    }
  }
  callback(null, user, context);
}
```
Alternatively, you could set the MFA provider that should be used in the org metadata…
Thanks for engaging in this one @adam.housman and @john.gateley !
Thanks @john.gateley @adam.housman for the prompt response. Organizations is good (but needs an enterprise/startup license), but my use case is well satisfied with the Application <-> Connection combo…
I will try your suggestion of using Rules with clientID conditions for application-specific MFA.
Thanks again.
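For the Application <-> Connection setup discussed in this thread, the same Rule pattern works without Organizations: key the MFA decision on `context.clientID` and/or `context.connection` instead of organization metadata. The Rule below is an added example, not code from the thread or from Auth0; the client ID and connection name in the lookup table are constructed placeholders, and the Auth0 tenant's MFA page is assumed to be set to “Never” so that the Rule alone decides when to challenge.

```javascript
// Added example: Auth0 Rule that enables MFA per application (clientID) or
// per connection, so individual customers can opt in while others stay MFA-free.
// Runs in the Auth0 Rules sandbox (Node.js); written as plain functions so it
// can also be exercised locally.

// Constructed lookup table (hypothetical values): replace with the real
// client IDs / connection names of the customers who asked for MFA.
const MFA_REQUIRED = {
  clientIds: new Set(['CLIENT_ID_TENANT_A']),
  connections: new Set(['tenant-b-db-connection'])
};

// Decide whether this login should be challenged. Either the application
// (clientID) or the connection the user authenticated through can trigger MFA.
function requiresMfa(context) {
  if (context.clientID && MFA_REQUIRED.clientIds.has(context.clientID)) {
    return true;
  }
  if (context.connection && MFA_REQUIRED.connections.has(context.connection)) {
    return true;
  }
  return false;
}

// The Rule entry point: Auth0 calls it with (user, context, callback).
function multifactorPerTenant(user, context, callback) {
  if (requiresMfa(context)) {
    context.multifactor = {
      provider: 'any',
      // false forces an MFA challenge on every login instead of remembering
      // the browser; set to true if a remembered browser is acceptable.
      allowRememberBrowser: false
    };
  }
  // Logins for customers not in the table pass through untouched.
  return callback(null, user, context);
}
```

Adding a customer to the table (or loading it from `configuration` in the Rules settings) is the only change needed to turn MFA on for them.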
No worries! Let us know if you have any further questions!