Enable MFA Based on User Connection

Problem Statement:

We want to enable MFA based on the user's connection. For external collaboration connections, we would like to allow login without MFA on the Auth0 side. For internal authentication connections, we would like MFA to be required.

Solution:

Here is the solution:

  1. On the Auth0 Dashboard, go to Security → Multi-factor Auth and select “Never” under Define policies. This stops the tenant-wide policy from prompting any user for MFA, so the decision is left entirely to the Action in the next step.
  2. Create a PostLogin Action that checks the connection name and triggers MFA only when the connection matches. Here is the sample script:
exports.onExecutePostLogin = async (event, api) => {
    // event.connection.name is the name of the connection the user logged in with
    if (event.connection.name === "YOUR_CONNECTION_NAME") {
        // Require MFA for this connection; any enrolled factor is accepted
        api.multifactor.enable('any');
    }
};
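An extended version of the same idea, added here as an example and not taken from the article or from Auth0's own samples: the Action keeps an allow-list of internal connections (the connection names are assumptions), fails closed when the connection is missing from the event, and can be exercised offline with a small stand-in for the Action runtime.

```javascript
// Added example (not from the original article). Connection names are assumed;
// replace them with the internal connections configured in your tenant.
const MFA_REQUIRED_CONNECTIONS = new Set([
  "Username-Password-Authentication", // assumed internal database connection
  "corp-azuread",                      // assumed internal enterprise connection
]);

// Decide whether this login must complete MFA. Internal connections require it;
// anything else (e.g. an external collaboration connection) is allowed through.
// A login with no recognisable connection is treated as internal (fail closed),
// because with the tenant policy set to "Never" this Action is the only MFA gate.
function mfaRequired(connection) {
  if (!connection || typeof connection.name !== "string") return true;
  return MFA_REQUIRED_CONNECTIONS.has(connection.name);
}

// PostLogin Action handler, same shape as the article's sample script.
// allowRememberBrowser: false forces a fresh MFA challenge on every internal login.
const onExecutePostLogin = async (event, api) => {
  if (mfaRequired(event.connection)) {
    api.multifactor.enable("any", { allowRememberBrowser: false });
  }
};

// Auth0 loads the handler from exports; guarded so the file also runs outside the runtime.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Stand-in for the Action runtime: records every api.multifactor.enable() call
// made for a constructed login event on the given connection.
function simulate(connectionName) {
  const calls = [];
  const api = {
    multifactor: { enable: (provider, opts) => calls.push({ provider, opts }) },
  };
  const event = connectionName === undefined
    ? {} // constructed event with no connection at all
    : { connection: { name: connectionName, strategy: "auth0" } };
  onExecutePostLogin(event, api); // no await inside the handler, so calls are recorded synchronously
  return calls;
}
```

Because the tenant policy is set to "Never", disabling or breaking this Action silently removes MFA for everyone, so its deployment status is worth monitoring alongside the tenant log stream.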