E-mail MFA is Being Requested While it is Turned Off in the MFA Settings

dan.woda · October 13, 2023, 6:11pm

Problem statement

When a user tries to log in to our application, the e-mail MFA flow is triggered. Our security settings have e-mail MFA turned off, so the user should not be prompted with the e-mail MFA flow.

Symptoms

Email MFA is disabled but some of our users are still prompted to complete an Email challenge after signing in

Steps to reproduce

Turn off Email MFA as a factor from your Multi-Factor Authentication tenant settings
Enable Adaptive MFA as your tenant wide policy
If a user without an MFA enrollment triggers Adaptive MFA, they will be prompted to complete the Email MFA challenge

Cause

When Adaptive MFA is triggered for users without an MFA factor enrolled, they will be prompted to complete an Email challenge before being asked to enroll in an MFA factor. This is outlined in our Adaptive MFA documentation, which includes a handy flow diagram:

Solution

This behavior is expected when Adaptive MFA is triggered for a user without an existing MFA enrollment.

Topic		Replies	Views
Requirements for Enabling Adaptive MFA Knowledge Articles mfa , management-api , adaptive-mfa	1	2521	July 26, 2022
Login asks for email verification even if users "email_verified" is true Help login , email-verification	4	2835	February 2, 2023
E-mail confirmation flow is triggering MFA enroll routine but it wasn't expect to do it Help login-experience , login-prompt-new-experience	1	222	March 29, 2024
Use Rule to disable MFA Help mfa	4	4064	June 28, 2022
Users Are Not Prompted to Use MFA after Enrolling a Factor Knowledge Articles mfa , rule , prompt , action , remember-device	1	1845	August 30, 2022