B2B Multi tenant MFA

For my multi-tenant SaaS application, I am using a separate Application <-> Connection per customer.

Some customers are requesting MFA. How can I enable MFA for a few customers and disable it for others? Basically, can I enable/disable MFA per application or per connection?

Hi @kartik.cds

Have you tried Auth0 Organizations? They may apply in your case.
https://auth0.com/docs/organizations

To do your MFA, choose the “Never” option for MFA on the MFA page, and then use a rule to selectively enable MFA. There are several sample rules to choose from to get you started.

John

If using Organizations, you could store this at the organization metadata layer and then use a rule to trigger MFA.

function multifactorAuthentication(user, context, callback) {
  //Make sure the rule runs only for the application you are concerned about.
  if (context.clientID === 'REPLACE_WITH_YOUR_CLIENT_ID') { 
    // Run MFA for organizations that have metadata property called "mfa" set to "true"
    if (context.organization && context.organization.metadata && context.organization.metadata.mfa && context.organization.metadata.mfa == "true") { 
      context.multifactor = {
        provider: 'any',
        // optional, defaults to true. Set to false to force authentication every time.
        // See https://auth0.com/docs/multifactor-authentication/custom#change-the-frequency-of-authentication-requests for details
        allowRememberBrowser: false
      };
    }
  }
  callback(null, user, context);
}

Alternately you could set the MFA provider that should be used in the org metadata…

Thanks for engaging in this one @adam.housman and @john.gateley !

Thanks @john.gateley @adam.housman for the prompt response. Organizations is good (but needs enterprise/startup license for that), but my use-case is well satisfied with the Application <-> Connection combo…
I will try your suggestion of using Rules with clientID conditions for application specific MFA.

Thanks again.

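The approach the original poster settled on, a rule keyed on clientID (or on connection name) rather than on Organization metadata, as an added example that is not part of the thread; the client ID and connection name below are constructed placeholders, and `parseAllowlist` is a hypothetical helper for reading them from the rule's configuration instead of hard-coding them:

```javascript
// Added example: per-application / per-connection MFA without Organizations.
// The allowlists identify customers that asked for MFA. In a real tenant the
// values could be kept in the rule configuration object and parsed with
// parseAllowlist; the values here are constructed placeholders.
const MFA_CLIENT_IDS = new Set(['CLIENT_ID_CUSTOMER_A']);
const MFA_CONNECTIONS = new Set(['customer-b-saml']);

// Turns a comma-separated configuration value into a Set, ignoring blanks.
function parseAllowlist(value) {
  return new Set(
    String(value || '')
      .split(',')
      .map(function (s) { return s.trim(); })
      .filter(function (s) { return s.length > 0; })
  );
}

// Pure decision helper: MFA is required when either the application (clientID)
// or the connection the user came through is on an allowlist. Kept separate
// from the rule so the policy can be unit-tested outside Auth0.
function mfaRequiredFor(context, clientIds, connections) {
  if (clientIds.has(context.clientID)) { return true; }
  if (connections.has(context.connection)) { return true; }
  return false;
}

// The rule itself, in the shape Auth0 rules use. With the tenant-wide MFA
// policy set to "Never", only logins matching the allowlists get challenged.
function multifactorPerCustomer(user, context, callback) {
  if (mfaRequiredFor(context, MFA_CLIENT_IDS, MFA_CONNECTIONS)) {
    context.multifactor = {
      provider: 'any',
      // false forces the challenge on every login instead of remembering the browser
      allowRememberBrowser: false
    };
  }
  // Always continue the pipeline, whether or not MFA was requested.
  return callback(null, user, context);
}
```
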
No worries! Let us know if you have any further questions!