Decision making for MFA frequency per organization

Hello,

I am looking for help with getting information about an user’s login during in Action.
I am new to Auth0 so I went over Google searches, this community and documentation but I still can’t find required info.

I have a requirement to enable different MFA settings for different organizations.
I am using Action to make a decision if MFA is enabled to a specific organization.
Example taken from
https://community.auth0.com/t/feature-request-different-mfa-policies-by-organization/71529/1
Each organization is going to have their own settings related to MFA, like

  • Lock an user after X failed mfa verifications
  • Do not ask for MFA if last successful login was within X time (hours, days, …)

Is there a way, maybe not with Action, to know when was a last successful login (including MFA verification) and how many times the user failed MFA verification?

Thanks

1 Like

Hi @mikhail.ilfirovych,

As you’ve noticed from the feature request linked, you can use Actions to control MFA behavior on a per-org basis. The user’s app_metadata can be a helpful place to store information like when the last successful login was, or when a user completed MFA.

If you have other ideas or requirements that aren’t currently possible, it would be helpful to add them to the feature request you linked.

Thanks!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.