Disable MFA for some logins for a user

rajivk · August 10, 2022, 6:33pm

On first login, we want the users to follow custom MFA(through redirection in login action). After that we want to enforce auth0 MFA. So when users login first time, we do not want Auth0 mfa to kick in. We have setup MFA Always from settings.

Temporary solution: We have set MFA as Never and on first login we redirect user from action for custom mfa and afterwards we enforce MFA by setting api.multifactor.enable('Any').

Is there any solutions like setting mfa to none first time and next time onwards, it keeps on enforcing because of the Always setting?

josiah_devizia · August 10, 2022, 7:06pm

You can set the provider to none to bypass the mfa policy I believe.

Note, this doc is about rules, but Actions are the recommended extensibility path. I assume it works the same, but you may want to verify first.

rajivk · August 11, 2022, 2:17pm

We already tried, it throws an error. But there should be something corresponding to this in actions as well. Action document does not mention none as provider.

Fails for action: