Problem statement
This article describes how to disable MFA for users, based on their connection name or ID.
Solution
This requirement can be achieved by making a tenant configuration and then using an Auth0 action.
- Ensure the tenant has the Require Multi-factor Auth has been set to any option but Never. Please see Enable MFA in the Auth0 Dashboard.
- Then, override the behaviour of the Require Multi-factor Auth setting in an Auth0 Login / Post Login Actions.
See an example code below:
exports.onExecutePostLogin = async (event, api) => {
const { client_id: app_id, name: app_name } = event.client;
const noMFA_ClientIds = ['client_id_1', 'client_id_2', 'client_id_3', 'client_id_4'];
const noMFA_Client_Names = ['client_Name_1', 'client_Name_2', 'client_Name_3', 'client_Name_4'];
const skipMFA = noMFA_ClientIds.includes(app_id) || noMFA_Client_Names.includes(app_name);
// disable MFA if skipMFA is true
if (skipMFA) api.multifactor.enable("none");
};
Note! This is a sample code. Please adapt and test code that fits the particular use case desired.