Force user to change password after MFA

Hi,

I have an Auth0 setup in which users are forced to provide MFA during login. I also have a requirement that a user has to change his password every x days. It is also required that the password change happens when the user is fully authenticated, so after he also provides his MFA.

Is that possible?

I noticed that even if I implement my own action with a redirect to a custom password change page, it’s displayed before MFA. Can this be reversed?

Hi @piotr.zgadzaj

Welcome to the Auth0 Community!

We’ve recently delivered a new Action Flow → Password Reset Flow. It runs during the password reset process when a user completes the first challenge, typically a link to the user’s email, but before a new password is set. You can use this flow to challenge a user with an additional multi-factor authentication (MFA) factor or to redirect the user to an external site, such as a third-party verifier.


Dawid
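
A sketch of the Password Reset Flow action the reply describes, added here as an example (not code from the thread or from Auth0). It assumes the trigger exposes `event.user.enrolledFactors`, `api.authentication.challengeWithAny` and `api.access.deny`, which should be checked against the current Actions reference; the factor allow-list and the deny-when-unenrolled rule are assumed policy choices.

```javascript
// Added example. The first challenge in this flow is normally an e-mail
// link, so an e-mail second factor would reuse the same channel.
// Assumed policy: only accept factors independent of the mailbox.
const STRONG_FACTORS = new Set([
  'otp',
  'push-notification',
  'webauthn-roaming',
  'webauthn-platform',
]);

// Pure helper: keep allow-listed factor types, de-duplicated, in the
// { type } shape passed to challengeWithAny.
function selectChallengeFactors(enrolledFactors) {
  const seen = new Set();
  const out = [];
  for (const f of enrolledFactors || []) {
    if (f && STRONG_FACTORS.has(f.type) && !seen.has(f.type)) {
      seen.add(f.type);
      out.push({ type: f.type });
    }
  }
  return out;
}

// Handler for the Password Reset / post-challenge trigger: runs after the
// e-mail link is followed and before the new password is set.
async function onExecutePostChallenge(event, api) {
  const factors = selectChallengeFactors(event.user.enrolledFactors);
  if (factors.length === 0) {
    // Fail closed: no independent factor means no password change.
    api.access.deny('MFA enrollment is required before changing the password');
    return;
  }
  api.authentication.challengeWithAny(factors);
}

// Export in the form the Actions runtime loads.
if (typeof exports !== 'undefined') {
  exports.onExecutePostChallenge = onExecutePostChallenge;
}
```

Failing closed here means a user with no qualifying factor cannot reset at all, so pair it with an enrollment or support path.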
