How to disable mfa for a particular user

I have enabled the MFA . But it gets enabled to all the users . How to disable it for some of the users and enable it for the rest.

Hello, @chigullap!

Via the Dashboard interface, you can only toggle MFA on or off for all users. However, we do support the use of MFA for a subset of users. More information on that can be found here:

I’ve linked you to the anchor which will take you on how to create Rules to use MFA, and then you can customize the Rule even further to add an execution criterion of your preference.

Hope that helps!

2 Likes

@joseantonio.rey Thanks for the reply. I have seen the document and created a rule
with below script as in the documentation

function (user, context, callback) {

//var CLIENTS_WITH_MFA = [‘REPLACE_WITH_YOUR_CLIENT_ID’];
// run only for the specified applications
// if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) {
// uncomment the following if clause in case you want to request a second factor only from user’s that have user_metadata.use_mfa === true
if (user.user_metadata && user.user_metadata.use_mfa){
context.multifactor = {
provider: ‘any’,
allowRememberBrowser: false
};
// }
//}

callback(null, user, context);
}

and for one user i have added metadata as use_mfa === true but i see mfa is enabled for everyone

Hello, @chigullap,

Can you please make sure to disable it from the Dashboard? The Rule enables it, but you should turn off the requirement for everyone.

Thanks!

1 Like

@joseantonio.rey Below is the query i have in my rule
.
function (user, context, callback) {

var CLIENTS_WITH_MFA = [‘6fwzMn5PgGCNd3L21oD4ZTx4m3G0zni4’];
// run only for the specified applications
// if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) {
// uncomment the following if clause in case you want to request a second factor only from user’s that have user_metadata.use_mfa === true
// if (user.user_metadata && user.user_metadata.use_mfa){
context.multifactor = {
provider: ‘google-authenticator’,
allowRememberBrowser: false

  };

i have added “use_mfa”: true for one user and for another user i have added as “use_mfa”: false in the user_metadata. I have disabled the mfa from the dashboard. But i still see the MFA page for both users. Only one user should have the page.Can you please help me with that

Hello!

You need to remove the comments (//) from that line in order for it to work :slight_smile:

Don’t forget to ensure that you close that statement.

1 Like

@joseantonio.rey Thanks you very much for your help ! :slight_smile:

1 Like

We are here for you!