Force user to change password after MFA


I have Auth0 set up so that users are forced to provide MFA during login. I also have a requirement that the user has to change his password every x days. It is also required that the password change happens when the user is fully authenticated, i.e. after he has also provided his MFA.

Is that possible?

I noticed that even if I implement my own action with a redirect to a custom password change page, it’s being displayed before MFA. Can this be reversed?

Hi @piotr.zgadzaj

Welcome to the Auth0 Community!

We’ve recently delivered a new Action flow, the Password Reset Flow. It runs during the password reset process when a user completes the first challenge, typically a link to the user’s email, but before a new password is set. You can use this flow to challenge a user with an additional multi-factor authentication (MFA) factor or to redirect the user to an external site, such as a third-party verifier.

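A sketch of the Password Reset Flow usage described in the reply above, as an added example that is not part of the original thread or Auth0's own code. It assumes the post-challenge trigger exposes `event.user.enrolledFactors`, `api.authentication.challengeWithAny` and `api.access.deny`, and that factor type strings such as `otp` and `email` match the tenant's; `decideResetChallenge` and `simulate` are hypothetical helpers, and denying users without a usable factor is a policy choice.

```javascript
// Added example: Action for the Password Reset Flow (post-challenge trigger).
// Assumed API for this trigger: event.user.enrolledFactors,
// api.authentication.challengeWithAny(factors), api.access.deny(reason).

// Hypothetical helper: decide how to treat a user who followed the reset link.
function decideResetChallenge(user) {
  const enrolled = (user && user.enrolledFactors) || [];
  // The first challenge is typically the e-mail link, so an e-mail factor
  // would only prove control of the same mailbox again; leave it out.
  const types = [...new Set(enrolled.map((f) => f && f.type))]
    .filter((t) => t && t !== 'email');
  if (types.length === 0) {
    // Policy assumption: fail closed when no independent factor is enrolled.
    return { action: 'deny', reason: 'MFA enrollment is required before a password reset' };
  }
  return { action: 'challenge', factors: types.map((type) => ({ type })) };
}

const onExecutePostChallenge = async (event, api) => {
  const decision = decideResetChallenge(event.user);
  if (decision.action === 'deny') {
    api.access.deny(decision.reason);
    return;
  }
  // The user picks one of the remaining factors before a new password is set.
  api.authentication.challengeWithAny(decision.factors);
};

// Export for the Actions runtime when a CommonJS `exports` object is present.
if (typeof exports !== 'undefined') {
  exports.onExecutePostChallenge = onExecutePostChallenge;
}

// Constructed mock of the `api` object: records calls so the handler can be
// exercised locally without a tenant.
function simulate(user) {
  const calls = [];
  const api = {
    access: { deny: (reason) => calls.push({ call: 'deny', reason }) },
    authentication: {
      challengeWithAny: (factors) => calls.push({ call: 'challengeWithAny', factors }),
    },
  };
  onExecutePostChallenge({ user }, api); // handler has no awaits: calls land synchronously
  return calls;
}
```

`simulate({ enrolledFactors: [{ type: 'otp' }, { type: 'email' }] })` returns a single `challengeWithAny` call for `otp` only, while a user enrolled with nothing but e-mail is denied.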