How can user change phone number used for MFA

tyf · January 25, 2023, 10:35pm

Hey there @ssp6 welcome to the community!

I think you’re on the right track with this - You want to make sure there is no gap between old and new factor so adding the new one and then deleting the old one in that order is important.

General Idea:

The user accesses the “profile” page and chooses “Change phone number”.

The page checks redirects the user to Auth0 to authenticate and use MFA API as audience. Make sure MFA is enforced to prevent account takeover.

Once the re-auth is completed - Use the MFA token to register the new phone number as a factor and delete the old one (in this order - so that the account doesn’t stay without MFA at all even for a short time).

https://auth0.com/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/manage-authenticator-factors-mfa-api

Hope this helps!

Topic		Replies	Views
Best practices Change MFA Ph# Help mfa , email-factor	4	729	February 16, 2024
Force user to enroll a new MFA Authenticator using Universal Login Help mfa , mfa-api	0	1143	June 14, 2023
Enrolling multiple factors/authentication methods or changing a user's MFA Knowledge Articles api , mfa-sms , enroll , phone-number , multiple-factors	1	2175	May 17, 2023
Multiple SMS Authentication Factors and changing SMS Knowledge Articles sms , change , multiple-sms-factors	1	758	August 21, 2023
Changing Multifactor Authentication number using access_token Help	2	3919	September 5, 2019

How can user change phone number used for MFA

Related topics