Overview
When accessing the login page, the option Remember Device for 30 days is presented to users. The requirement is to remove this option to prevent users from selecting it during the login process.
Solution
To disable the Remember Device for 30 days checkbox, a post-login Action must be implemented to enforce a custom Multi-Factor Authentication (MFA) policy. This involves adding a script to the Auth0 environment.
- Navigate to the Auth0 dashboard and select Actions from the side menu, then choose Library .
- Click on Create Action and select Build from scratch .
- Enter a descriptive name for the action in the Name field, set the Trigger field to Login /Post Login , choose Node 18 for the Runtime , and click Create .
Paste the following Action code into the editor:
exports.onExecutePostLogin = async (event, api) => {
api.multifactor.enable("any",{allowRememberBrowser:false});
}
4. Click Save Draft and then Deploy.
5. Return to the Actions " menu and select Flows.
6. Click on Login.
7. Under Add Actions on the right side of the screen, click on Custom.
8. Drag and drop the previously created Action to the position between Start and Complete.
9. Click Apply to enforce the changes.
By following these steps, the “Remember Device for 30 days” checkbox will be disabled, and users will not see this option during the login process.