Last Updated: Sep 24, 2024
Overview
This article describes how to enforce MFA for only one application within the tenant.
Applies To
- Multifactor Authentication (MFA)
- MFA for Applications
Solution
Follow the steps or video below.
NOTE: As the intention is to enforce an MFA challenge for a single application, it is first necessary to set ‘require MFA’ to Never in the tenant settings:
- Log in to the Auth0 dashboard.
- Navigate to Security > Multi-factor Auth.
- In the Define Policies box, select the Never option.
Next, an Action can be defined to enforce MFA for one or more applications. This code sample shows how this function might be implemented:
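    exports.onExecutePostLogin = async (event, api) => {
      // Client IDs of the applications that must complete an MFA challenge
      const CLIENTS_WITH_MFA = [
        '{yourClientId1}',
        '{yourClientId2}',
        '{yourClientId3}'
      ];

      // Trigger MFA only when the login comes from one of the listed applications
      if (CLIENTS_WITH_MFA.includes(event.client.client_id)) {
        api.multifactor.enable('guardian', { allowRememberBrowser: false });
      }
    };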
This example makes use of these Action properties:
- the event.client properties of the Event Object
- the api.multifactor.enable(provider, options) method of the API Object
In this instance, ‘guardian’ has been chosen as the MFA provider, though the other possible options are:
- any: Use any of the configured challenges.
- duo: Use the Duo multifactor provider.
- google-authenticator: Use the Google Authenticator provider.
- guardian: Use the Guardian provider.
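Because the tenant policy is set to Never, any client ID that does not exactly match an entry in the list logs in without an MFA challenge. The following local harness is an added example, not Auth0's own code: it runs the same Action logic against a mock API Object so the list can be checked before deployment. The client IDs, makeMockApi and simulateLogin are constructed for illustration.

```javascript
// Constructed sample client ID; replace with the real application IDs.
const CLIENTS_WITH_MFA = new Set(['mfa-app-client-id']);

// Same logic as the Action above. In Auth0 this function is assigned to
// exports.onExecutePostLogin; it is a plain constant here so it runs locally.
const onExecutePostLogin = async (event, api) => {
  // Optional chaining: an event without a client object does not throw,
  // it simply does not match (and therefore gets no MFA challenge).
  if (CLIENTS_WITH_MFA.has(event.client?.client_id)) {
    api.multifactor.enable('guardian', { allowRememberBrowser: false });
  }
};

// Hypothetical stand-in for the API Object: records multifactor.enable() calls.
function makeMockApi() {
  const calls = [];
  return {
    calls,
    multifactor: { enable: (provider, options) => calls.push({ provider, options }) },
  };
}

// Runs the handler against a constructed event and returns the recorded calls.
function simulateLogin(event) {
  const api = makeMockApi();
  // The handler contains no await, so its body has finished when this call returns.
  onExecutePostLogin(event, api);
  return api.calls;
}

// Constructed login events covering the match, near-miss and malformed cases.
function runCases() {
  const cases = {
    listed: { client: { client_id: 'mfa-app-client-id' } },
    unlisted: { client: { client_id: 'other-app-client-id' } },
    wrongCase: { client: { client_id: 'MFA-APP-CLIENT-ID' } }, // exact match only
    noClient: {},
  };
  return Object.fromEntries(
    Object.entries(cases).map(([name, event]) => [name, simulateLogin(event).length === 1])
  );
}

console.log(runCases());
```

A `false` for an application that is expected to require MFA means its ID in the list is wrong or missing, and that application would be left without a challenge.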