Overview
When Adaptive Multifactor Authentication (MFA) is configured, it is not possible to create a custom MFA bypass that lets specific users avoid enrolling in MFA. This article provides a potential workaround.
Applies To
- Multifactor Authentication (MFA)
- MFA customization
- Use Adaptive MFA
- Adaptive MFA
Cause
According to the Adaptive MFA documentation:
When Adaptive MFA determines the overall confidence score is low (that the login transaction is high-risk), it requires the user to verify their identity with MFA. If the user is not enrolled in MFA, they are required to complete additional verification before they are eligible to do so.
Solution
- Go to the Auth0 Dashboard > Security > Multi-factor Authentication, scroll to the Define policies section, and select the Never policy under the Require Multi-factor Auth section.
- Go to MFA Risk Assessors in the same section and toggle ON Enable Adaptive MFA Risk Assessment.
- Risk will be assessed and recorded for all login transactions in your tenant logs. Adaptive MFA Risk Assessment is required for enabling the Adaptive MFA policy, but can also be used to implement custom MFA policies using Actions.
- Select Save.
- To begin the customization, use the Adaptive MFA template as a starting point.
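One way the customized post-login Action could look once the steps above are in place. This is an added example, not the Adaptive MFA template or Auth0's own code. The `mfa_exempt` flag in `app_metadata` and the `decideMfa` helper are hypothetical names chosen for illustration.

```javascript
// Hypothetical flag name. Keep it in app_metadata, which end users cannot
// edit, rather than in user_metadata, which they can.
const EXEMPT_FLAG = 'mfa_exempt';

// Pure decision function, so the policy can be unit-tested without a tenant.
function decideMfa(event) {
  const appMeta = (event.user && event.user.app_metadata) || {};

  // Strict boolean check: a string such as "true" is not honoured.
  if (appMeta[EXEMPT_FLAG] === true) {
    return { prompt: false, reason: 'exempt' };
  }

  const risk = event.authentication && event.authentication.riskAssessment;
  if (!risk) {
    // Assumption: with no assessment recorded, the tenant policy (Never)
    // stays in effect and this Action does not prompt.
    return { prompt: false, reason: 'no-assessment' };
  }

  // Low overall confidence means the login transaction is high-risk.
  if (risk.confidence === 'low') {
    return { prompt: true, reason: 'low-confidence' };
  }
  return { prompt: false, reason: 'confidence-' + risk.confidence };
}

async function onExecutePostLogin(event, api) {
  const decision = decideMfa(event);
  if (decision.prompt) {
    // Non-exempt users are challenged (or asked to enroll) on risky logins.
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
  return decision;
}

// Auth0 loads the handler from `exports`; the guard lets the file also run
// outside the Actions runtime.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Set the flag only through the Management API or the Dashboard, and review the list of exempt users periodically, since every exempt account logs in without MFA even when the risk assessment reports low confidence.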