Problem statement
How to enforce MFA on every log-in via Actions.
Solution
To force MFA on every log-in when using actions, remove the ‘30 days checkbox’, which is how the Multifactor Authenticator flow is started and needs to be changed.
- Set the ‘Require Multi-factor Auth’ Policy to ‘Never’ (Enable Multi-Factor Authentication)
- Trigger the flow using a ‘Post-Login’ Action (Login Flow ) with the following code:
exports.onExecutePostLogin = async (event, api) => {
api.multifactor.enable("any", {allowRememberBrowser: false});
};