Enforce MFA on the Password Reset Page

Overview

This article clarifies how to enforce Multifactor Authentication (MFA) before the password reset page is displayed.

Applies To

  • Multifactor Authentication (MFA)
  • Password Reset Page

Solution

A reset-password-post-challenge action can be used to enforce MFA challenge after the user clicks the reset-password URL and before the reset password page is displayed.

See Secure password reset with additional MFA factors for example code and further instructions.