Is it by design that Auth0 prevents users from enrolling in the email factor when they are JIT-created through SAML federation? Our organization aims for SAML federated users to have the option to enroll in both and be challenged with both Phone and Email factors. Can you help me out here? @rueben.tiow
Because of this reason, it’s not possible to configure email to be the first MFA enrollment option, and it will default to the most secure factor enabled. Please see this knowledge solution which addresses this.
We acknowledge the inherent insecurity of email as a means of authentication. My question is: Auth0 should give the same MFA enrollment behavior as Username/Password for SAML federated users. If it’s a Username/Password user record, then email MFA is auto-registered, but there is no option at all for SAML federated users. We work with a lot of customer organizations who are heavily on email, looking for some way to use Email MFA.