Different MFA Factor Options Per Organization

Hi,

We’re working on integrating our system with Auth0, and our design makes use of the organizations feature. I was wondering if there was a way to limit which MFA factors an organization could have available. I know that the Actions api object allows us to set the mfa provider, but that doesn’t really do what I’m looking for.

Setting the provider to ‘guardian’ would allow the user to use Push, SMS, or OTP.
What I am hoping for is a way to control whether they can use SMS on a per-organization basis. The reasoning is that SMS costs us on our Twilio account, so we want to only opt in specific customers.

Is there a way to do this, or plans to implement something similar?

3 Likes

Yes.

But what I am asking for is a way to control which of these factors are available based on which organization is being used to log in.
Something like api.multifactor.enable('any', {factors: ['otp', 'push']})

Hi @josiah_devizia,

I don’t believe there is a way to do this today. There is a Feedback topic here in the forums where you can submit feature requests.

Mark

I ended up +1’ing this request.

2 Likes

Thanks for doing that!

This is now possible - you can customize the MFA factors that are required for end-users in a variety of different scenarios. See this example which demonstrates how this can be done on a per-Organization basis using Organization metadata.

1 Like

Thanks a lot, Adam, for sharing it with the rest of the community!
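A sketch of the per-Organization approach described in the last answer, added here as an illustration; it is not the linked example and not Auth0's own code. It assumes a post-login Action and a hypothetical Organization metadata key `mfa_allow_sms`; SMS is the `phone` factor type in Actions.

```javascript
// Added example: Auth0 post-login Action that offers SMS only to opted-in
// Organizations. The metadata key "mfa_allow_sms" is an assumed name.
const BASE_FACTORS = ["otp", "push-notification"]; // no per-message cost
const SMS_FACTOR = "phone";                        // SMS/voice, billed per message

// Organization metadata values are strings. Only the exact string "true"
// opts in, so a missing organization, a missing key or a typo leaves SMS off.
function allowedFactors(organization) {
  const meta = (organization && organization.metadata) || {};
  return meta.mfa_allow_sms === "true"
    ? [...BASE_FACTORS, SMS_FACTOR]
    : [...BASE_FACTORS];
}

async function onExecutePostLogin(event, api) {
  const allowed = allowedFactors(event.organization);

  // Factors the user has already enrolled AND this Organization permits.
  const usable = (event.user.enrolledFactors || [])
    .map((factor) => factor.type)
    .filter((type) => allowed.includes(type));

  if (usable.length > 0) {
    api.authentication.challengeWithAny(usable.map((type) => ({ type })));
  } else {
    // Nothing usable is enrolled (for example the user only has SMS and logs
    // in through an Organization without SMS): enroll a permitted factor
    // instead of falling back to the disallowed one.
    api.authentication.enrollWithAny(allowed.map((type) => ({ type })));
  }
}

// Auth0 Actions load the handler from `exports`.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

The factors named here still have to be enabled at the tenant level; the Action only narrows which of them a given login is offered.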