Force MFA on Every Log In via Actions

rueben.tiow · February 6, 2024, 11:37pm

Problem statement

How to enforce MFA on every log-in via Actions.

Solution

To force MFA on every log-in when using actions, remove the ‘30 days checkbox’, which is how the Multifactor Authenticator flow is started and needs to be changed.

Set the ‘Require Multi-factor Auth’ Policy to ‘Never’ (Enable Multi-Factor Authentication)
Trigger the flow using a ‘Post-Login’ Action (Login Flow ) with the following code:

exports.onExecutePostLogin = async (event, api) => {
    api.multifactor.enable("any", {allowRememberBrowser: false});
};

Topic		Replies	Views
Configuring MFA Flow to require MFA once per session with Actions Knowledge Articles mfa , extensibility , actions	1	2922	June 14, 2022
Force MFA for One Specific Application Knowledge Articles actions , applications , mfa-enablement , action	1	3041	January 26, 2023
Enforce MFA with specific factors using Actions Help mfa , policies-configuration	7	2304	January 8, 2024
MFA is always required Help mfa , one-time-password-otp-factor	2	31	November 6, 2024
Post-login action and MFA Help mfa , mfa-prompt-new-experience	3	481	May 24, 2024

Force MFA on Every Log In via Actions

Problem statement

Solution

Related Topics