Overview
This article details how to toggle MFA enforcement across a tenant via automation.
Applies To
- Multifactor Authentication (MFA)
Solution
This can be achieved via Management API but the exact manner that you achieve this will depend on how you are planning to trigger MFA.
-
Via a tenant-wide policy
If MFA is enforced via a policy at Security > Multi-factor Auth page in the dashboard, this policy can be toggled using the PUT /api/v2/guardian/policies endpoint as described here.
If it is desired to choose Never as the policy, simply pass in an empty array.
-
Via a Post-Login Action
If MFA is enforced conditionally via a Post-Login Action, update and deploy the Action programmatically. Use the following two endpoints for this:
- PATCH /api/v2/actions/actions/{id} - Auth0 Management API v2
- POST /api/v2/actions/actions/{id}/deploy - Auth0 Management API v2
This can also be achieved via tools like Auth0 Deploy CLI and Auth0 Terraform Provider by updating the respective entities.