How to Automatically Turn On and Off the MFA in the Tenant

gabriela.pantea · July 23, 2024, 6:58pm

Overview

This article details how to toggle MFA enforcement across a tenant via automation.

This can be achieved via Management API but the exact manner that you achieve this will depend on how you are planning to trigger MFA.

Via a tenant-wide policy

If MFA is enforced via a policy at Security > Multi-factor Auth page in the dashboard, this policy can be toggled using the PUT /api/v2/guardian/policies endpoint as described here.

If it is desired to choose Never as the policy, simply pass in an empty array.
Via a Post-Login Action

If MFA is enforced conditionally via a Post-Login Action, update and deploy the Action programmatically. Use the following two endpoints for this:
- PATCH /api/v2/actions/actions/{id} - Auth0 Management API v2
- POST /api/v2/actions/actions/{id}/deploy - Auth0 Management API v2

This can also be achieved via tools like Auth0 Deploy CLI and Auth0 Terraform Provider by updating the respective entities.

Topic		Replies	Views
Force MFA on Every Log In via Actions Knowledge Articles actions , multifactor , mfa-enforcement	1	439	February 6, 2024
Force MFA for One Specific Application Knowledge Articles actions , applications , mfa-enablement , action	1	3042	January 26, 2023
How to disable MFA using actions? Help mfa , mfa-api	2	3104	February 17, 2023
MFA turn on off despite application - rules Help mfa	3	1184	October 25, 2022
How to Enable MFA for a Subset of Users Knowledge Articles mfa , management-api , users , rule , user-profile , actions , use-mfa	1	9353	July 22, 2022