How to Disable MFA for Users Based on a Client Name or Client Id

Problem statement

This article describes how to disable MFA for users based on the name or ID of the client (application) they log in to.

Solution

This requirement can be met by configuring the tenant and then using an Auth0 Action.

  1. Ensure the tenant's Require Multi-factor Auth setting is set to any option but Never. Please see Enable MFA in the Auth0 Dashboard.
  2. Then, override the behaviour of the Require Multi-factor Auth setting in an Auth0 Login / Post Login Action.

See the example code below:

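exports.onExecutePostLogin = async (event, api) => {
  // Client (application) the user is logging in to
  const { client_id: app_id, name: app_name } = event.client;

  // Applications for which MFA is skipped, listed by client ID
  const noMFA_ClientIds = ['client_id_1', 'client_id_2', 'client_id_3', 'client_id_4'];

  // Applications for which MFA is skipped, listed by client name
  const noMFA_Client_Names = ['client_Name_1', 'client_Name_2', 'client_Name_3', 'client_Name_4'];

  // Exact match on either the client ID or the client name
  const skipMFA = noMFA_ClientIds.includes(app_id) || noMFA_Client_Names.includes(app_name);

  // disable MFA if skipMFA is true
  if (skipMFA) api.multifactor.enable("none");
};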

Note! This is sample code. Please adapt and test the code so that it fits the particular use case.
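To test the Action's decision before deploying it, the following offline harness (an added example, not part of the original article or Auth0's code) runs the same logic against constructed login events and checks which ones skip MFA. The mock `api` object, the helper names and all client IDs and names are assumptions made for illustration.

```javascript
// Added example: constructed placeholder IDs and names, as in the article.
const NO_MFA_CLIENT_IDS = new Set(['client_id_1', 'client_id_2']);
const NO_MFA_CLIENT_NAMES = new Set(['client_Name_1']);

// Pure decision: exact, case-sensitive match on client ID or client name.
function shouldSkipMfa(client) {
  return NO_MFA_CLIENT_IDS.has(client.client_id) || NO_MFA_CLIENT_NAMES.has(client.name);
}

// Handler with the article's behaviour; in an Action this would be
// assigned to exports.onExecutePostLogin.
const onExecutePostLogin = async (event, api) => {
  if (shouldSkipMfa(event.client)) api.multifactor.enable('none');
};

// Hypothetical stand-in for the Actions `api` object; records enable() calls.
function makeMockApi() {
  const calls = [];
  return { calls, multifactor: { enable: (provider) => calls.push(provider) } };
}

// Constructed login events and the outcome each one should produce.
const CASES = [
  { client: { client_id: 'client_id_1', name: 'Any App' }, skip: true },
  { client: { client_id: 'other_id', name: 'client_Name_1' }, skip: true },
  { client: { client_id: 'other_id', name: 'client_name_1' }, skip: false }, // case differs
  { client: { client_id: 'client_id_10', name: 'Any App' }, skip: false }, // not a prefix match
  { client: { client_id: 'other_id', name: 'Any App' }, skip: false },
];

// Runs every case through the handler; returns the cases that misbehaved.
async function runCases() {
  const failures = [];
  for (const { client, skip } of CASES) {
    const api = makeMockApi();
    await onExecutePostLogin({ client }, api);
    const skipped = api.calls.length === 1 && api.calls[0] === 'none';
    if (skipped !== skip) failures.push(client);
  }
  return failures;
}

runCases().then((failures) => {
  console.log(failures.length === 0 ? 'all cases pass' : failures);
});
```

Matching is exact and case-sensitive, so an application that is renamed in the dashboard stops matching the name list and falls back to the tenant's MFA policy; the client ID list does not depend on the display name.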