Hello, we’re assessing whether a free plan of Auth0 is viable for us. From what I can tell, with the free plan we can allow our end users to turn on MFA, but we cannot require them to. Have I understood right?
Hi @kit.johnson,
Welcome to the Auth0 Community!
Please allow me to clarify a few things about how the enablement of MFA works in Auth0.
Firstly, MFA enrollment is never optional, so you are not able to allow users to skip MFA if Require Multi-factor Auth is set to Always, or otherwise enforced for that particular user via actions. Of course, you can Customize Your MFA Using Actions if you have specific requirements.
According to our Pricing page, all the MFA Factors are only fully available under a Paid Plan. Even though Auth0 allows you to enable these factors for testing purposes in the Free Plan as well, afterwards you might receive a message such as: “Please upgrade your subscription to continue using this feature.” when the trial period ends.
I hope this answers your questions and if you have any other ones please do not hesitate to ask.
Best regards,
Remus
Hi Remus, thanks for your prompt response! I’m still not completely clear on this, but I’m sure that can be solved.
Could you explain what MFA factors are available on the free plan? (I ask this because you say that they are only fully available on a paid plan, which suggests that they are partially available on a free plan.)
Thank you
Hi @kit.johnson,
That’s a sure thing!
I have mentioned that earlier because Auth0 does not block these MFA factors from being available at the beginning, so developers can try them. This is however intended to work only for a testing environment, and not for production usage.
So in conclusion, enabling MFA factors is only included in our paid plans, since if these features are regularly used for over three months, the tenant admins will be asked to upgrade the subscription.
A helpful article on the matter should be - Entitlements for Enterprise MFA Feature.
I hope this enlightens the situation.
Kind regards,
Remus
I have a tenant that’s past the trial, on a free plan, and set to “production”. Even so, users can be enrolled in MFA. Are you saying that in a few months MFA will be turned off for this tenant? And what happens then, will users who had MFA enabled still be able to sign in?
Hi @ejain,
Welcome to the Auth0 Community!
It is mentioned in this article - Entitlements for Enterprise MFA Feature that before users are impacted by the lack of a proper subscription plan, you will receive the following message:
You’ve been utilizing Enterprise MFA, but unfortunately, your current plan does not allow for the use of this feature. Please upgrade your subscription to continue using this feature.
So if users are regularly using these features for over three months and you are still under a free plan, tenant admins will be asked to upgrade the subscription to avoid service disruption.
Thank you and if you have other questions on the matter please let me know!
Best regards,
Remus
Can you clarify what you mean by “service disruption”? Will users still be able to sign in, but without being prompted for MFA? Will they be prevented from signing in? Will the entire tenant be suspended?
Are there other features that will get disabled after three months?
Not complaining about pricing, just trying to avoid unpleasant surprises