Force MFA for one specific application

Problem statement

How to enable MFA for only one application in the tenant?

Solution

You can selectively enforce MFA using Rules for a single application.

Here is a sample rule that will allow you to enforce MFA authentication against a specific client application:

However, the preferred method of implementation would be to use Actions. In particular, you would need to create a custom Login flow:

Depending on your requirements, you may need to reference:

  • the event.client and event.authentication properties of the Event Object
  • the api.multifactor property and its api.multifactor.enable(provider, options) method of the API Object
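
A post-login Action along these lines, using the properties listed above, is shown here as an added example; it is not code from the original article or from Auth0. The client ID is a placeholder, and the helper names sessionHasMfa and shouldChallenge are hypothetical.

```javascript
// Added example: post-login Action that enforces MFA for one application only.
// Placeholder: replace with the Client ID of the application to protect.
const PROTECTED_CLIENT_ID = "REPLACE_WITH_CLIENT_ID";

// True when the current session already records a completed MFA step.
// event.authentication can be undefined, so guard before reading methods.
function sessionHasMfa(event) {
  const methods = event.authentication && event.authentication.methods;
  return Array.isArray(methods) && methods.some((m) => m.name === "mfa");
}

// Challenge only when the login targets the protected client and the
// session has not yet satisfied MFA. Every other application is untouched.
function shouldChallenge(event, clientId = PROTECTED_CLIENT_ID) {
  if (!event.client || event.client.client_id !== clientId) {
    return false;
  }
  return !sessionHasMfa(event);
}

// Handler for the Login flow. "any" lets the user pick among the factors
// enabled in the tenant; allowRememberBrowser: false prevents the user from
// skipping the challenge on a remembered browser.
const onExecutePostLogin = async (event, api) => {
  if (shouldChallenge(event)) {
    api.multifactor.enable("any", { allowRememberBrowser: false });
  }
};

// Actions load the handler from CommonJS exports.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```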

This community post gives the solution.