Enforce MFA on the Password Reset Page

auth0.knowledge3 · September 13, 2024, 6:57pm

Overview

This article clarifies how to enforce Multifactor Authentication (MFA) before the password reset page is displayed.

Applies To

Multifactor Authentication (MFA)
Password Reset Page

Solution

A reset-password-post-challenge action can be used to enforce MFA challenge after the user clicks the reset-password URL and before the reset password page is displayed.

See Secure password reset with additional MFA factors for example code and further instructions.

Topic		Replies	Views
Is MFA feature available for Password Reset flow Get Help login-experience , reset-password-prompt-new-experience	1	436	January 30, 2024
Force user to change password after MFA Get Help mfa , policies-configuration	2	1393	August 31, 2023
Enable/redirect to MFA page after a password is reset Get Help mfa , mfa-api	2	89	April 29, 2025
MFA before resetting password Get Help mfa , one-time-password-otp-factor	2	1253	January 2, 2024
Force MFA on Every Log In via Actions Knowledge Articles actions , multifactor , mfa-enforcement	1	504	February 6, 2024

Enforce MFA on the Password Reset Page

Overview

Applies To

Solution

Related topics