I have Auth0 setup in which users are forced to provide MFA during login. I have also a requirement that user has to change his password each x days. It is also required that password change happens when user is fully authenticated so after he provides also his MFA.
Is that possibile?
I noticed that even if i implement my own action with redirect to custom password change page, it’s being displayed before MFA. Can this reversed?
We’ve recently delivered a new Action Flow → Password Reset Flow runs during the password reset process when a user completes the first challenge, typically a link to the user’s email, but before a new password is set. You can use this flow to challenge a user with an additional multi-factor authentication (MFA) factor or to redirect the user to an external site, such as a third-party verifier.
If you found this post helpful or interesting, please give it a like . Your interaction makes a difference. Have a wonderful day!