Hi everyone, currently I have turn on the multi-factor on my Okta dashboard include: One-time Password, Push Notification using Auth0 Guardian, Recoverycode, Email, Phone and turn on two options Show Multi-factor Authentication options, Customize MFA Factors using Actions. I would like to find the way that MFA appilications can be displayed seperately. For example I have two different organizations. For one organization(URL) I would like to use only option Guardian app and recovery code. For the second use the Google Authenticator app or similar with email**.** There is any way to help me to do that? I use the configuraion Push Notification using Auth0 Guardian and it always displayed both option: Guardian app and Google Authenticator or similar option.
Hi @nguyenyenictpt,
Welcome to the Auth0 Community!
Firstly I assume you’re trying to customize MFA for your applications within Auth0, since if you are trying to integrate Okta I would suggest opening a ticket on the Okta community site.
You have already mentioned it above and the way to go so you can fully customize the MFA experience for your users is using Auth0 Actions. You can fully check our documentation on Customize MFA Selection for Universal Login, which provides all the instructions needed, along with valuable examples. Additionally you can also take a look over the Customize MFA policy with Actions section.
First please make sure that the “Customize MFA Factors using Actions” is ON, then initiate a Post-Login Action that can look similar to this:
exports.onExecutePostLogin = async (event, api) => {
const CLIENT_ID_GUARDIAN_APP = 'YOUR_GUARDIAN_APP_CLIENT_ID';
const current_client_id = event.client.client_id;
if (current_client_id === CLIENT_ID_GUARDIAN_APP) {
// This correctly challenges the user for MFA and presents ONLY the options
// for 'push' (Guardian) and 'recovery-code'.
api.authentication.challengeWithAny([{ type: 'phone'}, { type: 'push-notification' }]);
return;
}
};
You could also condition the event.organization object and compare it with YOUR_ORG_ID**.**
Moreover, you could also follow the steps listed in this Knowledge Base article - Force MFA for One Specific Application.
Thank you!
Best regards,
Remus
Thanks @remus.ivan for your help but in this article Customize MFA Selection for Universal Login I don’t see any push option. But in your code using the push option. Does Okta support the factor as “push”. What different between push and push-notification? I used the push option and I got the error: “Two factors authentication iss required to access this appilcation. To enable this, please contact your system adminstrator”
Hi @nguyenyenictpt,
You are definitely right about this. I have edited the sample code above, which in the context of Auth0 should indeed be presented only as 'push-notification'. As for enabling the recover codes when challenging your users with MFA, this can be done directly from the Auth0 Dashboard - Security - Multi-factor Authentication.
I hope this helps!
Thanks,
Remus