How to Disable MFA for Users Based on a Client Name or Client Id

rueben.tiow · February 9, 2024, 1:06am

Problem statement

This article describes how to disable MFA for users, based on their connection name or ID.

Solution

This requirement can be achieved by making a tenant configuration and then using an Auth0 action.

Ensure the tenant has the Require Multi-factor Auth has been set to any option but Never. Please see Enable MFA in the Auth0 Dashboard.
Then, override the behaviour of the Require Multi-factor Auth setting in an Auth0 Login / Post Login Actions.

See an example code below:

exports.onExecutePostLogin = async (event, api) => {

  const { client_id: app_id, name: app_name } = event.client;

  const noMFA_ClientIds = ['client_id_1', 'client_id_2', 'client_id_3', 'client_id_4'];

  const noMFA_Client_Names = ['client_Name_1', 'client_Name_2', 'client_Name_3', 'client_Name_4'];

  const skipMFA = noMFA_ClientIds.includes(app_id) || noMFA_Client_Names.includes(app_name);

   // disable MFA if skipMFA is true
  if (skipMFA) api.multifactor.enable("none");

};

Note! This is a sample code. Please adapt and test code that fits the particular use case desired.

Topic		Replies	Views
Enable MFA Based on User Connection Knowledge Articles mfa , connection , extensibility , actions , mfa-enablement	1	2393	June 17, 2022
How to disable MFA using actions? Help mfa , mfa-api	2	3104	February 17, 2023
Api.multifactor.disable Help mfa , mfa-api	4	291	May 1, 2024
Disable MFA for enterprise connection Help mfa , mfa-api	2	1969	May 12, 2023
Use Rule to disable MFA Help mfa	4	4058	June 28, 2022

How to Disable MFA for Users Based on a Client Name or Client Id

Problem statement

Solution

Related Topics