How to Disable MFA for Users Based on a Client Name or Client Id

rueben.tiow · February 9, 2024, 1:06am

Problem statement

This article describes how to disable MFA for users, based on their connection name or ID.

Solution

This requirement can be achieved by making a tenant configuration and then using an Auth0 action.

Ensure the tenant has the Require Multi-factor Auth has been set to any option but Never. Please see Enable MFA in the Auth0 Dashboard.
Then, override the behaviour of the Require Multi-factor Auth setting in an Auth0 Login / Post Login Actions.

See an example code below:

exports.onExecutePostLogin = async (event, api) => {

  const { client_id: app_id, name: app_name } = event.client;

  const noMFA_ClientIds = ['client_id_1', 'client_id_2', 'client_id_3', 'client_id_4'];

  const noMFA_Client_Names = ['client_Name_1', 'client_Name_2', 'client_Name_3', 'client_Name_4'];

  const skipMFA = noMFA_ClientIds.includes(app_id) || noMFA_Client_Names.includes(app_name);

   // disable MFA if skipMFA is true
  if (skipMFA) api.multifactor.enable("none");

};

Note! This is a sample code. Please adapt and test code that fits the particular use case desired.

Topic		Replies	Views
How to disable MFA using actions? Help mfa , mfa-api	2	3060	February 17, 2023
Api.multifactor.disable Help mfa , mfa-api	4	280	May 1, 2024
Disable MFA for enterprise connection Help mfa , mfa-api	2	1947	May 12, 2023
Allow user to setup MFA if not yet setup Help mfa , mfa-prompt-new-experience	2	515	November 16, 2023
How to Enable MFA for a Subset of Users Knowledge Articles mfa , management-api , users , rule , user-profile , actions , use-mfa	1	9271	July 22, 2022

How to Disable MFA for Users Based on a Client Name or Client Id

Problem statement

Solution

Related Topics