Enable MFA per org

Hi,

We use the Auth0 organizations feature extensively. Our login flow is a bit customized: when a user logs in they don’t mention the organization; instead we fetch organizations from the backend on successful login and use silent authentication to automatically switch the user to an organization they are part of. If there are multiple organizations, we prompt the user and let them select an organization. Recently we wanted to enable MFA for a specific org; we used actions to customize the login flow such that we look for a specific metadata attribute in an organization and enforce MFA.

The challenge we are running into is that, since we don’t prompt for the organization when a user logs in, MFA fails when we use silent authentication to switch the user to an organization where MFA is enforced. Is there any way to enable the prompt for MFA with silent auth? Here is the rule we are using to enable MFA for a specific org:

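  function (user, context, callback) {
    // Enforce MFA only for organizations whose metadata sets mfa_enabled to 'true'
    if (context.organization && context.organization.metadata && context.organization.metadata.mfa_enabled === 'true') {
      // Check whether MFA was already completed in the current session
      const completedMfa = !!context.authentication.methods.find(
        (method) => method.name === 'mfa'
      );

      if (completedMfa) {
        return callback(null, user, context);
      }

      // Request an MFA challenge with any enrolled factor
      context.multifactor = {
        provider: 'any',
        allowRememberBrowser: false
      };
    }

    // Continue the login pipeline
    callback(null, user, context);
  }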

Hello @AnilGanivada, welcome back to the community!

I apologize for the delayed response, but have you had any luck in getting this to work for your use case? I think this should be possible, although I would recommend looking into using an Action as opposed to a rule.

Let us know where you landed with this and perhaps myself or someone else from the community can help :smile:
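
The reply suggests an Action in place of the rule. As an added example (not code from the thread or from Auth0), here is the same per-organization check written as a post-login Action; it assumes the `mfa_enabled` organization metadata flag from the question, and `shouldRequireMfa` is a hypothetical helper name.

```javascript
// Added example: post-login Action equivalent of the rule in the question.
// Assumption: organizations that need MFA carry metadata mfa_enabled = 'true'.

// Hypothetical helper: decide whether this login must be challenged for MFA.
function shouldRequireMfa(event) {
  const metadata = (event.organization && event.organization.metadata) || {};
  if (metadata.mfa_enabled !== 'true') {
    return false; // no organization on the request, or MFA not flagged for it
  }
  const methods = (event.authentication && event.authentication.methods) || [];
  // Skip the challenge when the session already records a completed MFA step.
  return !methods.some((method) => method.name === 'mfa');
}

// Entry point signature used by Auth0 post-login Actions.
const onExecutePostLogin = async (event, api) => {
  if (shouldRequireMfa(event)) {
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
};

// Export only where a CommonJS `exports` object exists, as in the Actions runtime.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Under OIDC a `prompt=none` request cannot display any interaction, so the MFA challenge itself still has to happen on an interactive authorization request for the flagged organization.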
