Different MFA Factor Options Per Organization

Hi,

We’re working on integrating our system with Auth0, and our design makes use of the organizations feature. I was wondering if there was a way to limit which MFA factors an organization could have available. I know that the Actions api object allows us to set the mfa provider, but that doesn’t really do what I’m looking for.

Setting the provider to ‘guardian’ would allow the user to use Push, SMS, or OTP.
What I am hoping for is a way to control whether they can use SMS on a per organization basis. The reasoning is that SMS costs us on our Twilio account, so we want to only opt in specific customers.

Is there a way to do this, or plans to implement something similar?

2 Likes

Yes.

But what I am asking for is a way to control which of these factors are available based on which organization is being used to log in.
Something like api.multifactor.enable('any', {factors: ['otp', 'push']})

Hi @josiah_devizia,

I don’t believe there is a way to do this today. There is a Feedback topic here in the forums where you can submit feature requests.

Mark

I ended up +1’ing this request.

2 Likes

Thanks for doing that!