For my multi-tenant SaaS application, I am using a separate Application <-> Connection pair per customer.
Customers are selectively requesting MFA. How can I enable MFA for a few customers and disable MFA for the others? Basically, can I enable/disable MFA per application or per connection?
To do this, choose the “Never” option for MFA on the MFA page, and then use a rule to selectively enable MFA. There are several sample rules to choose from to get you started.
If using Organizations, you could store this at the organization metadata layer and then use a rule to trigger MFA.
```javascript
function multifactorAuthentication(user, context, callback) {
  // Make sure the rule runs only for the application you are concerned about.
  if (context.clientID === 'REPLACE_WITH_YOUR_CLIENT_ID') {
    // Run MFA for organizations whose metadata property "mfa" is set to "true".
    if (context.organization &&
        context.organization.metadata &&
        context.organization.metadata.mfa === 'true') {
      context.multifactor = {
        provider: 'any',
        // Optional, defaults to true. Set to false to force authentication every time.
        // See https://auth0.com/docs/multifactor-authentication/custom#change-the-frequency-of-authentication-requests for details.
        allowRememberBrowser: false
      };
    }
  }
  callback(null, user, context);
}
```
Alternatively, you could set the MFA provider that should be used in the org metadata…
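As an added example (not code from either reply above or from Auth0's sample rules), here is a rule that covers the original Application <-> Connection setup as well as the Organizations variant: MFA is triggered when the login's client ID or connection name is in a per-tenant allowlist, or when the organization's metadata flags it. It assumes the tenant-wide MFA policy is set to "Never" (so the rule alone decides), that `context.clientID`, `context.connection` and `context.organization` are populated as they are in Auth0 rules, and the IDs and connection names in the two sets are constructed placeholders, not real values.

```javascript
// Added example: selective MFA for an Auth0 rule, keyed on application and/or connection.
// Assumes the tenant MFA policy is "Never", so nothing else forces a challenge.
// The entries below are constructed placeholders; replace them with your own values.
const MFA_CLIENT_IDS = new Set([
  'CLIENT_ID_FOR_TENANT_A',   // placeholder application (client) IDs
  'CLIENT_ID_FOR_TENANT_B'
]);
const MFA_CONNECTIONS = new Set([
  'tenant-a-db',              // placeholder connection names
  'tenant-c-saml'
]);

// Decision logic kept separate from the rule so it can be exercised without a callback.
// Fails closed on a missing context: no MFA decision is made, and the rule leaves
// context.multifactor untouched (the tenant policy still applies).
function requiresMfa(context) {
  if (!context) return false;
  if (MFA_CLIENT_IDS.has(context.clientID)) return true;
  if (MFA_CONNECTIONS.has(context.connection)) return true;
  // Organizations variant: metadata property "mfa" set to the string "true".
  const org = context.organization;
  if (org && org.metadata && org.metadata.mfa === 'true') return true;
  return false;
}

// The rule itself, using the (user, context, callback) contract Auth0 rules expect.
function selectiveMfaRule(user, context, callback) {
  if (requiresMfa(context)) {
    context.multifactor = {
      provider: 'any',             // use whichever factors are enabled on the tenant
      allowRememberBrowser: false  // challenge on every login for these tenants
    };
  }
  return callback(null, user, context);
}

// Helper that runs the rule and returns the resulting context, for local checks.
function runRule(user, context) {
  let result;
  selectiveMfaRule(user, context, (err, _u, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Stand-alone demonstration with constructed contexts.
const demoHit = runRule({ user_id: 'demo|1' }, { clientID: 'CLIENT_ID_FOR_TENANT_A', connection: 'tenant-a-db' });
const demoMiss = runRule({ user_id: 'demo|2' }, { clientID: 'SOME_OTHER_CLIENT', connection: 'some-other-db' });
console.log('tenant A -> multifactor:', JSON.stringify(demoHit.multifactor));
console.log('other tenant -> multifactor:', JSON.stringify(demoMiss.multifactor));
```

Because each customer has its own application and connection, either set alone is usually enough; keeping both lets you turn MFA on for a connection that is shared by more than one application, or for one application in front of a shared connection. The organization branch is kept for parity with the reply above, so the same rule works if you later move to Organizations.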
Thanks @john.gateley @adam.housman for the prompt response. Organizations is good (but needs an enterprise/startup license), but my use-case is well satisfied with the Application <-> Connection combo…
I will try your suggestion of using Rules with clientID conditions for application-specific MFA.