Force MFA on Every Log In via Actions

Problem statement

How to enforce MFA on every log-in via Actions.

Solution

To force MFA on every log-in when using actions, remove the ‘30 days checkbox’, which is how the Multifactor Authenticator flow is started and needs to be changed.

  1. Set the ‘Require Multi-factor Auth’ Policy to ‘Never’ (Enable Multi-Factor Authentication)
  2. Trigger the flow using a ‘Post-Login’ Action (Login Flow ) with the following code:
exports.onExecutePostLogin = async (event, api) => {
    api.multifactor.enable("any", {allowRememberBrowser: false});
};