Can I get a tenant's MFA settings in Rules?

Our application requires MFA with OTP for some user logins.

In the tenant MFA settings, One-time Password is set to Enabled, and Require Multi-factor Auth is set to never.
Then a Rule is set to require MFA only for users who meet certain criteria.

If for some reason a tenant’s OTP MFA is unintentionally disabled, an error will occur at login.
Therefore, we would like to request MFA after checking the status of the tenant’s MFA settings in the Rule. Is this feasible?

Hi @chiba,

Welcome to the Auth0 Community!

You can control the MFA settings with the management API. For example, you can enable/disable MFA factors with the /api/v2/guardian/factors/{name} endpoint.

You can retrieve factors and their statuses with the /api/v2/guardian/factors endpoint.

This can be done from a rule/action. As a word of caution, the Management API has fairly strict rate limits and you should not be calling it or obtaining management API tokens every time a rule or action runs.

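The approach from the answer above, sketched as an added example that is not part of the original posts and is not Auth0's own code: look up the OTP factor status, cache it so the Management API is not called on every login, and only then request MFA. The `fetchFactors` function, the `app_metadata.require_mfa` criterion and the five-minute cache lifetime are assumptions made for illustration.

```javascript
// Added example. fetchFactors is a hypothetical injected function that calls
// GET /api/v2/guardian/factors with a cached Management API token (scope
// read:guardian_factors) and resolves to the returned array of { name, enabled }.
const FACTOR_TTL_MS = 5 * 60 * 1000; // assumed cache lifetime

function makeOtpStatusCache(fetchFactors, now = Date.now) {
  let cached = null; // { enabled: boolean, expires: number }
  return async function isOtpEnabled() {
    if (cached && cached.expires > now()) return cached.enabled;
    try {
      const factors = await fetchFactors();
      const otp = factors.find((f) => f.name === 'otp');
      cached = {
        enabled: Boolean(otp && otp.enabled),
        expires: now() + FACTOR_TTL_MS,
      };
      return cached.enabled;
    } catch (err) {
      // Lookup failed (rate limit, network error). Reuse the last known value
      // if there is one; otherwise return null to signal "unknown".
      return cached ? cached.enabled : null;
    }
  };
}

// Rule logic. The user criterion (app_metadata.require_mfa) is a constructed
// stand-in for whatever condition the real Rule applies.
async function mfaRule(user, context, isOtpEnabled) {
  const needsMfa = Boolean(user.app_metadata && user.app_metadata.require_mfa);
  if (!needsMfa) return context; // no lookup for users outside the criteria

  const otp = await isOtpEnabled();
  if (otp === true) {
    context.multifactor = { provider: 'any', allowRememberBrowser: false };
    return context;
  }
  // Design choice in this example: fail closed with a clear error instead of
  // letting a user who must use MFA log in without it.
  throw new Error('MFA is required for this account but OTP is not enabled on the tenant');
}
```

In a real Rule, the function returned by `makeOtpStatusCache` would be stored on the `global` object so the cached status survives across invocations in the same container.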
