I am currently working on an application that, among other things, side loads a number of users into our backend database. Each of these users needs to be added to our Auth0 tenant database as well. So, I used the management API’s create user function to create these users in Auth0.
Now, the following additional requirements are needed to be fulfilled:
-
A user must not have a password initially and will have to set their own password, preferably after receiving an email instructing them to do so. In other words, the user must not be allowed to login until they have set their own password.
-
Every user must be enrolled for multifactor authentication by default using their phone number in our local database, without asking the user to manually do so.
-
Password must be set to expire in 90 days, once a user’s password expires, the user will no longer be able to login without resetting their password.
-
Custom password policy related to password length, special characters, etc.
I need to know whether all of these requirements can be handled using Auth0 and to what extent.