We have a login action that triggers the display of an Auth0 form that allows the user to select if he wants to enable MFA. This info is stored in user_metadata and used by another action to trigger the MFA authentication on login. The tenant is configured with Require:never and One time password and email methods for MFA. Once the user enables MFA, the “Secure your account” Auth0 dialog is displayed to scan the QR code to configure an authenticator app. The problem is that when the user has reached this step there is no way to cancel. If the user got here by error, or he does not have an authenticator app, or does not want to install one, he cannot cancel, nor can he log in. He is stuck, and the only way to proceed is having an admin reset MFA in his profile.
Is there anything that can be done to go back and disable the MFA, or at least to let him log in using an email one time password only?