Calling .enable() if they have MFA already enrolled or not?

In regards to MFA Actions PostLogin. I’ve read the documentation and it contradicts itself. In the Action Template provided, it states to only call api.multifactor.enable if MFA has been previously set up. However, in this link, it specifically mentions to call api.multifactor.enable if MFA has not been set up. Which is it?

https://auth0.com/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa#adaptive-mfa-template
Versus
https://auth0.com/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa#require-mfa-enrollment-template

Hi @emurphy,

Welcome back to the Auth0 Community!

The Adaptive MFA template guides you in creating a business flow based on individual risk assessments. The example requires the user to use MFA when logging in from an unknown device. The logic behind the template is that the user should be prompted only if he already has a factor enrolled, otherwise he is not forced to do so.

On the other hand, the Require MFA Enrollment template checks if the user has previously set up an MFA factor and if not, makes it mandatory for the user to do so.

Depending on your use case, you may use one of the templates as a start for your solution. I hope this was helpful and don’t hesitate to reach out if you have more questions.

Thanks,
Tudor

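The two policies described in the answer above, side by side, as an added example that is not part of the original thread and is not Auth0's template code. It assumes the post-login `event` shape used by the linked templates (`event.user.multifactor`, a `NewDevice` risk assessment with a `confidence` value); the stub `api` object, the helper names and the sample events are constructed for illustration.

```javascript
// Added illustration, not Auth0's template code. Event field names are assumed
// to follow the post-login event object used by the two linked templates.
function hasEnrolledFactor(event) {
  return Array.isArray(event.user.multifactor) && event.user.multifactor.length > 0;
}

function isRiskyNewDevice(event) {
  const check = event.authentication?.riskAssessment?.assessments?.NewDevice;
  // Anything other than 'high' confidence is treated as an unknown device.
  return Boolean(check) && check.confidence !== 'high';
}

// Adaptive MFA: challenge a risky login, but only if a factor already exists.
function adaptiveMfa(event, api) {
  if (isRiskyNewDevice(event) && hasEnrolledFactor(event)) {
    api.multifactor.enable('any', { allowRememberBrowser: true });
  }
}

// Require MFA Enrollment: force enrollment when no factor exists yet.
function requireEnrollment(event, api) {
  if (!hasEnrolledFactor(event)) {
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
}

// Constructed stand-in for the Actions `api` object; records enable() calls.
function mfaTriggered(policy, event) {
  let calls = 0;
  policy(event, { multifactor: { enable: () => { calls += 1; } } });
  return calls > 0;
}

// Constructed sample event ('guardian' is a sample factor name).
const makeEvent = (factors, confidence) => ({
  user: { multifactor: factors },
  authentication: { riskAssessment: { assessments: { NewDevice: { confidence } } } },
});

// Every combination of enrollment state and device confidence, per policy.
function decisionTable() {
  return [[], ['guardian']].flatMap((factors) => ['low', 'high'].map((confidence) => {
    const ev = makeEvent(factors, confidence);
    return { enrolled: factors.length > 0, confidence,
      adaptive: mfaTriggered(adaptiveMfa, ev),
      requireEnrollment: mfaTriggered(requireEnrollment, ev) };
  }));
}
console.table(decisionTable());
```

In a tenant, the body of either policy function would live inside the Action's `exports.onExecutePostLogin` handler. The first table row is the case to review when choosing: a user with no enrolled factor on a low-confidence device is not challenged by the adaptive policy.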