Overview
This article clarifies how to enforce Multifactor Authentication (MFA) before the password reset page is displayed.
Applies To
- Multifactor Authentication (MFA)
- Password Reset Page
Solution
A reset-password-post-challenge action can be used to enforce MFA challenge after the user clicks the reset-password URL and before the reset password page is displayed.
See Secure password reset with additional MFA factors for example code and further instructions.