We are using Auth0 Universal Login flow. We used to be able to reset users’ multifactor account in case they lose or change their mobile phone, but not any longer. This is what exactly happens:
- User can successfully login using their existing multifactor code (Google Authenticator)
- We reset the user’s multifactor through Users > Actions > Reset Multifactor Authentication
- User goes to our domain
- The page will redirect the user to Auth0 domain (we are on the free account, so .auth0.com/login?state=)
- They enter their username/password
- Before they see the new multifactor code, they see the following image (url: .auth0.com/mf?state=):
The last time we could successfully reset someone’s multifactor was July 09, 2018. We are having this issue only this week (starting July 16, 2018). I’m not sure if it has anything to do with the deprecation of Lock UI or not.
Looking forward to your help since it’s blocking our users from using the system.