Enable 2FA only on selected applications

Hi guys, I managed enabling 2fa on general settings on:
security → multi-factor-auth → phone message.

Now , all my existing applications implements 2fa.
How can enable 2fa only on desired applications ?
Thanks.

Hello @leandro !

You can accomplish this by using a Post Login Action - Something like this:

exports.onExecutePostLogin = async (event, api) => {

  //enforce mfa for specific client_id(s)
  const mfaApp1 = "client_id_1";
  const mfaApp2 = "client_id_2";

   if (event.client.client_id === mfaApp1 || mfaApp2) {
    console.log(`enforcing mfa for: ${event.client.client_id}`)
    api.multifactor.enable(`any`);
   } else {
     console.log(`mfa not enforced for: ${event.client.client_id}`)
   }
};

Important note - You’ll need to set to require MFA to Never in your tenant → Security → Multi-factor Auth in order for this to work.

Hope this helps!