Decision making for MFA frequency per organization

mikhail.ilfirovych · October 20, 2022, 5:14pm

Hello,

I am looking for help with getting information about an user’s login during in Action.
I am new to Auth0 so I went over Google searches, this community and documentation but I still can’t find required info.

I have a requirement to enable different MFA settings for different organizations.
I am using Action to make a decision if MFA is enabled to a specific organization.
Example taken from
https://community.auth0.com/t/feature-request-different-mfa-policies-by-organization/71529/1
Each organization is going to have their own settings related to MFA, like

Lock an user after X failed mfa verifications
Do not ask for MFA if last successful login was within X time (hours, days, …)

Is there a way, maybe not with Action, to know when was a last successful login (including MFA verification) and how many times the user failed MFA verification?

Thanks

dan.woda · October 28, 2022, 4:50pm

Hi @mikhail.ilfirovych,

As you’ve noticed from the feature request linked, you can use Actions to control MFA behavior on a per-org basis. The user’s app_metadata can be a helpful place to store information like when the last successful login was, or when a user completed MFA.

If you have other ideas or requirements that aren’t currently possible, it would be helpful to add them to the feature request you linked.

Thanks!

system · November 11, 2022, 4:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.