Enable 2FA only on selected applications

Hello @leandro !

You can accomplish this by using a Post Login Action - Something like this:

exports.onExecutePostLogin = async (event, api) => {

  // enforce mfa for specific client_id(s)
  const mfaApp1 = "client_id_1";
  const mfaApp2 = "client_id_2";

  // compare client_id against each value; `=== mfaApp1 || mfaApp2` is always truthy
  if (event.client.client_id === mfaApp1 || event.client.client_id === mfaApp2) {
    console.log(`enforcing mfa for: ${event.client.client_id}`);
    api.multifactor.enable(`any`);
  } else {
    console.log(`mfa not enforced for: ${event.client.client_id}`);
  }
};

Important note - You’ll need to set Require MFA to Never in your tenant → Security → Multi-factor Auth in order for this to work.

Hope this helps!

3 Likes
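An added example, not part of the original post and not Auth0's own code: the same per-application rule written against a Set of client IDs, with a small local harness to check which applications trigger MFA before the Action is deployed. The client IDs are placeholders, and `requiresMfa`, `simulateLogin` and `looseCheck` are hypothetical helper names.

```javascript
// Applications that must complete MFA (placeholder client IDs).
const MFA_CLIENT_IDS = new Set(["client_id_1", "client_id_2"]);

// Pure decision function, so the rule can be tested without a tenant.
function requiresMfa(clientId) {
  return typeof clientId === "string" && MFA_CLIENT_IDS.has(clientId);
}

const onExecutePostLogin = async (event, api) => {
  if (requiresMfa(event.client.client_id)) {
    console.log(`enforcing mfa for: ${event.client.client_id}`);
    api.multifactor.enable("any");
  } else {
    console.log(`mfa not enforced for: ${event.client.client_id}`);
  }
};

// Actions load the handler from `exports`; the guard lets this file run stand-alone too.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Hypothetical local harness: a stub `api` that records multifactor.enable() calls.
async function simulateLogin(clientId) {
  const calls = [];
  const api = { multifactor: { enable: (provider) => calls.push(provider) } };
  await onExecutePostLogin({ client: { client_id: clientId } }, api);
  return calls;
}

// Pitfall the harness catches: a condition of the form `id === a || b` is
// truthy for every id, because the non-empty string `b` is itself truthy.
function looseCheck(clientId) {
  return Boolean(clientId === "client_id_1" || "client_id_2");
}

// Constructed sample logins: two listed applications and one unlisted.
async function runChecks() {
  const results = {};
  for (const id of ["client_id_1", "client_id_2", "client_id_other"]) {
    results[id] = (await simulateLogin(id)).length === 1;
  }
  return results; // true means MFA was requested for that application
}
```

Calling `runChecks()` should report MFA for the two listed applications only; an unlisted application showing `true` means the condition is too loose.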