Custom MFA Rule using use_mfa

We’ve got a custom rule for controlling conditional MFA on one of our applications. As suggested in this document here, the rule is checking the user.user_metadata.use_mfa property.

However, when users actually enable MFA, this property is never set on the user’s metadata, so MFA is never actually enforced on login.

Is this property supposed to be set manually? And if so, how, as at least as far as I can see when a user enables MFA via an enrolment ticket link/email, they are never redirected back to our application, nor is there any callback, so how are we to ever know they have enabled MFA to then set the property?

Any help on this would be much appreciated!

1 Like

I’d also be interested in this if someone could shed some light on it

1 Like

Do you have any solution for this issue?

I know that I am missing something but I dont know what.

thx

I am also looking for this feature in Auth0

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!