I am using multiple applications with a single Auth0 tenant. Can I configure MFA for a particular application, not for all?
Hi @vvijayakumar,
Welcome to the Auth0 Community!
Yes, that is possible by using Auth0 Actions to conditionally enforce MFA for a specific application.
The code would look something like the following:
exports.onExecutePostLogin = async (event, api) => {
  if (event.client.client_id === 'YOUR_CLIENT_ID') {
    api.multifactor.enable('any');
  }
};
(Reference: Post-Login Action - Enforce Custom MFA Policy)
I hope this helps!
Please reach out if you have any questions.
Thanks,
Rueben
Thank you very much, Rueben.
It did not work in my real application. So I made a proof of concept.
Step 1: I have created two single-page applications.
Step 2: Under the Security tab, I enabled Phone Message MFA.
Step 3: Developed a customised action.
exports.onExecutePostLogin = async (event, api) => {
  if (event.client.client_id === 'LJ0a69xMbbIXOr5ClAQoGC6MGhb1IkE1') {
    api.multifactor.enable('any');
  }
};
Step 4: Add the action to the login flow.
Nonetheless, MFA had an impact on both of my applications. Where did I make a mistake?
Thanks
Vimal
Hi Vimal
In addition, you’ll want to make sure your (MFA) configuration has Require Multi-Factor Auth set to either None or Use Adaptive MFA (see here for details). If you have it set to Always then the conditional logic in your action will effectively be overridden.
Hope that helps
Oh, yes, that was the error I made.
You come through for me. Peter, thank you very much.
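Added example (not part of any post in this thread, and not Auth0's own code): the per-application check from the thread generalized to a list of client IDs, with the decision split into a pure function so it can be tested off-platform. The secret name `MFA_CLIENT_IDS`, the helper names, and the placeholder client IDs are assumptions.

```javascript
// Added example. MFA_CLIENT_IDS is a hypothetical Action secret holding a
// comma-separated list of client IDs that must complete MFA.
// Tenant prerequisite from the thread: "Require Multi-Factor Auth" must be
// None or Use Adaptive MFA; with Always, this logic is overridden.

// Parse the secret into a Set, tolerating spaces and empty entries.
function parseClientIds(raw) {
  return new Set(
    String(raw || '').split(',').map((id) => id.trim()).filter(Boolean)
  );
}

// Pure decision function: true when this login must be challenged.
// Note: a missing or empty secret means no application is challenged.
function requiresMfa(event) {
  const targets = parseClientIds(event.secrets && event.secrets.MFA_CLIENT_IDS);
  if (!targets.has(event.client.client_id)) return false; // other apps: no MFA
  // Skip the prompt when this session has already completed MFA.
  const methods = (event.authentication && event.authentication.methods) || [];
  return !methods.some((m) => m.name === 'mfa');
}

const onExecutePostLogin = async (event, api) => {
  if (requiresMfa(event)) {
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
};

// Auth0 loads the handler from exports; the guard keeps the file runnable elsewhere.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event for local checks (client IDs are placeholders).
function sampleEvent(clientId, methods) {
  return {
    client: { client_id: clientId },
    secrets: { MFA_CLIENT_IDS: 'APP_A_CLIENT_ID, APP_B_CLIENT_ID' },
    authentication: { methods },
  };
}
```
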