What I’d like to do now is enforce an “Adaptive” MFA flow—i.e. let Auth0 evaluate risk signals and only prompt when necessary—but I’m not sure which Action API method to call. I’ve tried api.authentication.challengeWithAny and a few variants, but none compile or trigger the adaptive policy.
Can anyone advise how to invoke Adaptive MFA from a post-login action so that it honours my tenant’s risk settings for a given organisation?
Unfortunately, you can’t dynamically enable Auth0’s Adaptive MFA option from Actions. If you want to enforce an Adaptive MFA flow only on one of your organizations, you would need to create your own custom risk evaluation system that will only take the connections to your organization into account. Otherwise, you would have to use the Auth0 Adaptive MFA system in your whole tenant.
If you have any other questions, feel free to reach out.
Hey Vlad, looking at the docs for Customize Adaptive MFA, If I use the confidence property of the riskAssessment do you know if this would match the default implementation of Adaptive MFA.
Also would I have to build out the enrolment process and challenge process aswell or could I use something equivalent to below to handle both?
You can use this template to build your own Adaptive MFA system. You will need to manage the assessments separately and also filter out users based on the organization.