Conditionally require user to register and use MFA based on user attributes

Hi,

Is it possible to conditionally require a user to register MFA on signup and use it on login, based on user attributes?

This similar post, "Prompt MFA based on user Meta Data - #4 by markd", has a broken doc link (Page Not Found).

Hi again @JFoxUK,

Long time no see

Yes, you can trigger MFA and specific registration requirements conditionally based on user attributes. The modern way to achieve this in Auth0 is through Auth0 Actions, specifically using the Post-Login trigger to customize MFA, and the Pre-User Registration trigger. These allow you to execute custom JavaScript logic during the authentication process.

Example of Post Login for customizing MFA:

exports.onExecutePostLogin = async (event, api) => {
  // Check if the user has a specific attribute in metadata
  if (event.user.user_metadata && event.user.user_metadata.requires_mfa === true) {
    api.authentication.enrollWith({ type: 'otp' }); // Force enrollment if not enrolled
    api.multifactor.enable('any'); // Trigger MFA
  }
};

Example of Pre User Registration:

exports.onExecutePreUserRegistration = async (event, api) => {
  const { user } = event;
  
  // Example: Block registration if a required attribute is missing
  if (!user.user_metadata || !user.user_metadata.department) {
    api.access.deny('Registration failed', 'A department attribute is required to register.');
  }
};

If you have any further questions, please don’t hesitate to reach out.

Have a good one,
Vlad

1 Like
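
A variation on the Post-Login Action from the answer above, added here as an example and not code from the thread or from Auth0: it challenges users who already have an OTP factor, sends the rest through enrollment, and skips the prompt when MFA was already completed in the session. Reading the flag from app_metadata instead of user_metadata is an assumption made here, since user_metadata is intended for data the user can edit; mfaDecision is a hypothetical helper name.

```javascript
// Added example. The requires_mfa field name follows the thread; keeping it
// in app_metadata (not user-editable) is an assumption of this example.
const FACTOR = { type: 'otp' };

// Pure decision function: returns 'skip', 'enroll' or 'challenge'.
function mfaDecision(event) {
  const meta = event.user.app_metadata || {};
  // Strict comparison: a string such as "true" does not count as the flag.
  if (meta.requires_mfa !== true) return 'skip';

  // MFA already completed in this session: do not prompt again.
  const methods = (event.authentication && event.authentication.methods) || [];
  if (methods.some((m) => m.name === 'mfa')) return 'skip';

  // Users with the factor are challenged; everyone else must enroll first.
  const enrolled = event.user.enrolledFactors || [];
  return enrolled.some((f) => f.type === FACTOR.type) ? 'challenge' : 'enroll';
}

async function onExecutePostLogin(event, api) {
  switch (mfaDecision(event)) {
    case 'challenge':
      api.authentication.challengeWith(FACTOR);
      break;
    case 'enroll':
      api.authentication.enrollWith(FACTOR);
      break;
    default:
      break; // attribute not set, or MFA already satisfied
  }
}

// Auth0 loads the handler from the module's exports.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Because the decision is separated from the api calls, it can be unit-tested with plain objects before the Action is deployed.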