How to Disable MFA for Users Based on a Client Name or Client Id

rueben.tiow · February 9, 2024, 1:06am

Problem statement

This article describes how to disable MFA for users, based on their connection name or ID.

Solution

This requirement can be achieved by making a tenant configuration and then using an Auth0 action.

Ensure the tenant has the Require Multi-factor Auth has been set to any option but Never. Please see Enable MFA in the Auth0 Dashboard.
Then, override the behaviour of the Require Multi-factor Auth setting in an Auth0 Login / Post Login Actions.

See an example code below:

exports.onExecutePostLogin = async (event, api) => {

  const { client_id: app_id, name: app_name } = event.client;

  const noMFA_ClientIds = ['client_id_1', 'client_id_2', 'client_id_3', 'client_id_4'];

  const noMFA_Client_Names = ['client_Name_1', 'client_Name_2', 'client_Name_3', 'client_Name_4'];

  const skipMFA = noMFA_ClientIds.includes(app_id) || noMFA_Client_Names.includes(app_name);

   // disable MFA if skipMFA is true
  if (skipMFA) api.multifactor.enable("none");

};

Note! This is a sample code. Please adapt and test code that fits the particular use case desired.