Changing MFA methods in a production site

Hi all. I’m in the progress of changing from Enterprise MFA to ProMFA. The functionality is looking fine, but I need to know more about how to manage the switch.

It seems that I need to reset MFA for each user and switch off Enterprise MFA. On the next login, each user will need to log in and will be presented with the QR code for the one-time code setup with ProMFA.

Is there a way to reset MFA for all users rather than one by one?

It appears that if I have phone and email MFA (Enterprise) enabled and one-time code (ProMFA) then the default for a new user is to be presented with the ProMFA setup. This may be due to our subscription, ie the default goes to the lowest available MFA method. I’m expecting at the time I switch this on I will just disable phone and email and only have ProMFA available.

I am also assuming that the login interface will remain the same, ie branding customisations. On my test site the initial username/password dialog has the Auth0 logo on it, despite having our company logo set. On the subsequent screens (QR code, one-time code) our company logo appears. I am hoping on the production site that this will not happen. At present our logo appears on all of the dialogs. I can’t test this as I am not going to mess with the production site. I want to check everything on a test site.

Overall, I think the change to ProMFA looks okay. I need to know how best to reset MFA for all users and also how the interface will change/appear once I make the switch.

If anyone has experience or knowledge of this I’d be happy to hear from you. The alternative is to flick the switch and just see what happens, but that’s never a great option.