Disable enterprise MFA for new users

Hi,

How to disable all enterprise MFA features like “guardian, one-time passwords” for new users but keep them active for current users who are still using those features to log in?

I have the required MFA features enabled

My action looks like this:

exports.onExecutePostLogin = async (event, api) => {
  if (Array.isArray(event.user.multifactor) && event.user.multifactor.length > 0) {
      //any MFA policy for old users
      api.multifactor.enable("any");
  }
  else{
    //google-authenticator for new users
    api.multifactor.enable("google-authenticator");
  }
};

But can’t seem to get it to work.
Please advise.

Thanks!

Hi @ashish.yadav

Thanks for getting in touch with us on Auth0 Community.

The action that you have looks good, please ensure that on the screen Security > “Multi-factor Auth” all original factors are still enabled and under “Define Policies” the section labelled “Require Multi-factor Auth” is set to Never.

I hope this helps.

All the best.