Disabling MFA via rules for already enroled users

Hi Team,

I have enabled MFA for my tenant via rule. And is there any way to disable the same for those already enroled? And enable it if we found any anomalies ?


Hi @shilpa.kumar,

You can set up contextual MFA, which allows you to trigger MFA for users who have particular flag, or under certain conditions like an IP change.

Hi Dan,

Is there any provision other than cookie based solution?


With contextual MFA you can set up challenges based on a lot of factors. It is pretty much open to your imagination and the limitations of the rules environment. Remember browser is a feature you can add to contextual MFA, not the only context for bypassing. It might be more helpful if you tell us what you require, specifically. :smiley:

1 Like

Thanks Dan.
Can i get any sample rules which will helps in disabling the MFA (other than allowRememberBrowser) for users already enrolled and enabling it in case of any anomalies?

Can you describe the anomalies you would like to trigger MFA for?

Hi Dan,

I would like to add “Brute Force and Password Breach”


You can add those features by toggling them on, but there is no MFA feature that is linked to them. You will have to use rules to configure the conditions for which you prompt for MFA. If you want a similar functionality, you could store the user’s IP in app_metadata and trigger MFA if it changes.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.