Can I configure MFA for a particular application, not for all?

I am using multiple applications with a single Auth0 tenant. Can I configure MFA for a particular application, not for all?

Hi @vvijayakumar,

Welcome to the Auth0 Community!

Yes, that is possible by using Auth0 Actions to conditionally enforce MFA for a specific application.

The code would look something like the following:

exports.onExecutePostLogin = async (event, api) => {
  if(event.client.client_id === 'YOUR_CLIENT_ID') {
    api.multifactor.enable('any');
  }
};

(Reference: Post-Login Action - Enforce Custom MFA Policy)

I hope this helps!

Please reach out if you have any questions.

Thanks,
Rueben

1 Like

Thank you very much, Rueben.

1 Like

It did not work in my real application. So I made a proof of concept.

Step 1: I have created two single-page applications.

Step 2: Under the Security tab, I enabled Phone Message MFA.

Step 3: Developed a customised action.

exports.onExecutePostLogin = async (event, api) => {
  if(event.client.client_id === 'LJ0a69xMbbIXOr5ClAQoGC6MGhb1IkE1') {
    api.multifactor.enable('any');
  }
};

Step 4: Add the action to the login flow.

Nonetheless, MFA had an impact on both of my applications. Where did I make a mistake?

Thanks
Vimal

Hi Vimal 🙂

In addition, you’ll want to make sure your (MFA) configuration has Require Multi-Factor Auth set to either None or Use Adaptive MFA (see here for details). If you have it set to Always then the conditional logic in your action will effectively be overridden.

Hope that helps 😎

2 Likes
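
The interaction described in the reply above, as an added example that is not part of the original posts and is not Auth0's own code: a Post-Login Action that requests MFA for an allowlist of applications, plus a small local model of how the tenant-wide "Require Multi-Factor Auth" setting combines with it. The client IDs, `MFA_CLIENT_IDS`, `mfaPrompted`, `policyMatrix` and the `'always'`/`'none'` labels are assumptions for illustration; the model encodes only the behaviour stated in the reply (Always overrides the Action's condition).

```javascript
// Constructed placeholder IDs; replace with the client IDs of the
// applications that must use MFA.
const MFA_CLIENT_IDS = new Set(['CLIENT_ID_OF_APP_REQUIRING_MFA']);

// Post-Login Action: request MFA only for the listed applications.
const onExecutePostLogin = async (event, api) => {
  if (MFA_CLIENT_IDS.has(event.client.client_id)) {
    api.multifactor.enable('any');
  }
};
// Export for the Actions runtime when a CommonJS `exports` object exists.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Simplified local model (an assumption, not Auth0 internals):
// tenantPolicy is a label for the dashboard setting, 'always' or 'none'.
// With 'always', every login is challenged regardless of the Action.
async function mfaPrompted(tenantPolicy, clientId) {
  let enabledByAction = false;
  // Minimal stand-in for the `api` object that records the Action's decision.
  const api = { multifactor: { enable: () => { enabledByAction = true; } } };
  await onExecutePostLogin({ client: { client_id: clientId } }, api);
  return tenantPolicy === 'always' || enabledByAction;
}

// Run both applications under both tenant settings.
async function policyMatrix() {
  const clients = ['CLIENT_ID_OF_APP_REQUIRING_MFA', 'CLIENT_ID_OF_OTHER_APP'];
  const rows = [];
  for (const policy of ['always', 'none']) {
    for (const clientId of clients) {
      rows.push({ policy, clientId, mfa: await mfaPrompted(policy, clientId) });
    }
  }
  return rows;
}

policyMatrix().then((rows) => console.table(rows));
```

In the model, only the `'none'` rows differ between the two applications, which matches the symptom reported in the proof of concept when the tenant setting was left on Always.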

Oh, yes, that was the error I made.
You came through for me, Peter. Thank you very much.

1 Like
