Enable MFA per User and Give Users the Option to Turn It On/Off Themselves

Problem statement

We are trying to enable MFA per user and give each user the option to set it up (or turn it off) themselves.

The expected workflow is as follows:

  • User A wants to enable MFA;
  • User B does not want MFA;
  • We want to enable MFA only for User A;
  • Meanwhile, User B should not be affected at all.

Solution

This can be achieved as follows:

The proper way to set the “should_prompt_mfa” flag on the user profile at the user's request is to create an API endpoint on the application. This endpoint should be accessible only to logged-in users, and it should switch the user metadata flag to true or false for the calling user. It can be presented to users as an on/off toggle button, and the login flow then reads the flag to decide whether that particular user is prompted for MFA.
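The following is an added example, not code from the original article, of what such an endpoint can look like in plain Node.js. It assumes an in-memory Map standing in for the identity provider's user-metadata store, a session middleware that populates req.session.userId and req.session.authTime, and a login flow that consults shouldPromptMfa(); the five-minute re-authentication window for turning MFA off is an assumed hardening choice, not something the article specifies.

```javascript
// Added example (not from the original article): a minimal, framework-free
// handler for the self-service "toggle MFA" endpoint described above.
// Assumptions: user metadata lives in a store (here an in-memory Map standing
// in for the identity provider's user-metadata API), the session middleware
// populates req.session.userId and req.session.authTime, and the login flow
// reads the should_prompt_mfa flag to decide whether to challenge the user.

const REAUTH_WINDOW_MS = 5 * 60 * 1000; // assumption: disabling MFA needs a fresh login

// Constructed sample users: both start with MFA off.
const users = new Map([
  ['user_a', { user_metadata: { should_prompt_mfa: false } }],
  ['user_b', { user_metadata: { should_prompt_mfa: false } }],
]);

// Audit trail for changes to a security-relevant preference.
const auditLog = [];

// Reads the flag the login flow would consult; missing metadata means "no MFA".
function shouldPromptMfa(userId) {
  const user = users.get(userId);
  return Boolean(user && user.user_metadata && user.user_metadata.should_prompt_mfa);
}

// Writes only the should_prompt_mfa key, leaving other metadata untouched.
function setShouldPromptMfa(userId, enabled) {
  const user = users.get(userId);
  if (!user) throw new Error(`unknown user ${userId}`);
  user.user_metadata = { ...user.user_metadata, should_prompt_mfa: enabled };
  auditLog.push({ userId, should_prompt_mfa: enabled, at: Date.now() });
  return user.user_metadata.should_prompt_mfa;
}

// Handler for POST /api/mfa-preference with JSON body { "enabled": true|false }.
// Returns { status, body } so it can be wired into any HTTP framework.
function handleMfaPreference(req, now = Date.now()) {
  // Only logged-in users may reach this endpoint.
  if (!req.session || !req.session.userId) {
    return { status: 401, body: { error: 'authentication required' } };
  }
  // State changes go through POST only, never through a GET link.
  if (req.method !== 'POST') {
    return { status: 405, body: { error: 'method not allowed' } };
  }
  // Strict payload validation: exactly one boolean, nothing else.
  if (!req.body || typeof req.body.enabled !== 'boolean') {
    return { status: 400, body: { error: 'enabled must be a boolean' } };
  }
  // Turning MFA off weakens the account, so require a recent authentication.
  if (req.body.enabled === false &&
      (typeof req.session.authTime !== 'number' ||
       now - req.session.authTime > REAUTH_WINDOW_MS)) {
    return { status: 403, body: { error: 'recent authentication required to disable MFA' } };
  }
  // The target is always the caller: the user id comes from the session, not
  // from the request body, so one user cannot change another user's flag.
  const value = setShouldPromptMfa(req.session.userId, req.body.enabled);
  return { status: 200, body: { should_prompt_mfa: value } };
}

// Walks through the workflow from the problem statement: User A opts in,
// User B is untouched, and malformed or unauthenticated calls are rejected.
function demo() {
  const t0 = 1700000000000; // constructed clock value
  const userA = { session: { userId: 'user_a', authTime: t0 } };
  const userB = { session: { userId: 'user_b', authTime: t0 } };
  const enable = handleMfaPreference({ ...userA, method: 'POST', body: { enabled: true } }, t0);
  const anon = handleMfaPreference({ method: 'POST', body: { enabled: true } }, t0);
  const bad = handleMfaPreference({ ...userB, method: 'POST', body: { enabled: 'yes' } }, t0);
  const lateDisable = handleMfaPreference(
    { ...userA, method: 'POST', body: { enabled: false } }, t0 + REAUTH_WINDOW_MS + 1);
  return {
    enableStatus: enable.status,          // 200
    anonStatus: anon.status,              // 401
    badStatus: bad.status,                // 400
    lateDisableStatus: lateDisable.status, // 403: stale session cannot turn MFA off
    userAPrompted: shouldPromptMfa('user_a'), // true
    userBPrompted: shouldPromptMfa('user_b'), // false: User B is unaffected
  };
}

console.log(demo());
```

The important design point is that the endpoint never accepts a user identifier from the client: the flag it flips always belongs to the session's own user, which is what keeps User A's choice from touching User B. Changes are appended to an audit log because a user silently turning MFA off is exactly the event a detection team wants to see.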

Related References