Enable 2FA only on selected applications

Hi guys, I managed enabling 2fa on general settings on:
security → multi-factor-auth → phone message.

Now , all my existing applications implements 2fa.
How can enable 2fa only on desired applications ?
Thanks.

Hello @leandro !

You can accomplish this by using a Post Login Action - Something like this:

exports.onExecutePostLogin = async (event, api) => {

  //enforce mfa for specific client_id(s)
  const mfaApp1 = "client_id_1";
  const mfaApp2 = "client_id_2";

   if (event.client.client_id === mfaApp1 || mfaApp2) {
    console.log(`enforcing mfa for: ${event.client.client_id}`)
    api.multifactor.enable(`any`);
   } else {
     console.log(`mfa not enforced for: ${event.client.client_id}`)
   }
};

Important note - You’ll need to set to require MFA to Never in your tenant → Security → Multi-factor Auth in order for this to work.

Hope this helps!

3 Likes

Is it possible to check some option on administration panel ?

There unfortunately is not an easy way to accomplish this on an app by app basis from the dashboard - This could be a good candidate for a feedback request. We monitor these closely for community engagement.

Ok , and what about management api ?
would be worthly to investigate ?

The Management API essentially mirrors what’s available in the Dashboard and thus doesn’t provide a way to enable/disable MFA on an app by app basis - You can see what is supported by the Management API here:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.