Enrol user through MFA after signup

My app is using Universal Login, and I’m trying to create a scenario where a user logs in the app, then goes to its profile page, and then “toggles on” the MFA by SMS.
Can the enrolment of MFA be handled by Universal Login? So I don’t have to manage the integration in my app; when the user clicks on the “Turn on MFA”, the user is redirected to the Auth0 UI for MFA.

I found this: Manage Authenticator Factors with Auth0 MFA API
And so I tried using auth0.loginWithRedirect({ audience: 'mfa' }) without success

  • Which SDK this is regarding: e.g. auth0-react
  • SDK Version: e.g.1.8.0
  • Platform Version: e.g. Node 12.18.0

Thank you

Hi Felix,

Welcome to the Auth0 Community!

Our current recommendation is to use the MFA API and build your own UI, to get the MFA API token you need to add the audience/scope in the /authorize request. For the MFA API, the audience is https://YOUR_DOMAIN/mfa/ (a url format and not just ‘mfa’) and the available scopes are “enroll”, “read:authenticators” and “remove:authenticators”: https://auth0.com/docs/mfa/authenticate-with-ropg-and-mfa/manage-authenticator-factors-mfa-api#universal-login

The scopes will also need adding to your loginWithRedirect() please see the option here: https://auth0.github.io/auth0-react/interfaces/auth0_context.redirectloginoptions.html#scope

Then you can use the various MFA API endpoints to list, enroll and remove authenticators within your own UI. https://auth0.com/docs/login/mfa/ropg-mfa/manage-authenticator-factors-mfa-api#list-authenticators

I hope this helps you get started.

1 Like

Hi Saqib,

Thank you for your answer and the references.
Just to make sure I understand:
When a user that is already enrolled through MFA would log in through Universal Login, the Auth0 UI would be responsible of handling the MFA challenge? But when a user wants to enroll, we have to make our own UI for the initial challenge?

Thanks again, if I go with making my own UI for the enrolment, those links will be handy.

Felix

Hey Felix,

That is correct, there currently isn’t a way to provide self enrolment for MFA with Universal Login out of the box so custom UI is the way to go right now. I would encourage you to complete product feedback for this feature here https://auth0.com/feedback the more demand we get for features the more likely it is to hit the top of the road map :slight_smile:

All the best.

1 Like