Can you have different 2factor authentication methods for different user roles? Example:
Business User → Uses App authentication for extra security on personal data
Simple User → Uses SMS authentication because don’t have sensitive data
Hey @eiras.lucio welcome to the community!
This should be possible using a Post-Login Action and the event/api objects provided - You’ll want to configure this code to your own needs, and absolutely test in your own environment, but 1 possibility might look something like this:
exports.onExecutePostLogin = async (event, api) => {
// Retrieve roles from event.authorization.roles
const userRoles = event.authorization.roles;
if (!userRoles || userRoles.length === 0) {
// Handle the case where there are no roles assigned
return;
}
// If a user has a specific role, enforce the corresponding MFA.
if (userRoles.includes('admin')) {
// Challenge admin users with a specific MFA factor
api.authentication.challengeWith('mfa-factor-for-admin', {
// Optionally, provide additional options as needed
});
} else if (userRoles.includes('regular_user')) {
// Challenge regular users with a different MFA factor
api.authentication.challengeWith('mfa-factor-for-regular-user', {
// Optionally, provide additional options as needed
});
}
};
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.