We have MFA turned on at the tenant level but want to selectively disable MFA based on connectionStrategy or email. How can this be done using actions?
The post-login API object has no method to disable MFA
We have MFA turned on at the tenant level but want to selectively disable MFA based on connectionStrategy or email. How can this be done using actions?
The post-login API object has no method to disable MFA
Hey there!
Here’s one of our FAQs for enabling MFA for specific set of users:
Have you had a chance to check it out?
The FAQ shows the sample for the reverse case, like how to force MFA for a specific set of users. A similar action like the following can help to disable MFA for a specific set of users by using none
instead of any
.
exports.onExecutePostLogin = async (event, api) => {
// uncomment the following if clause in case you want to skip a second factor only for users that have app_metadata.skip_mfa === true
if (event.user.app_metadata?.skip_mfa){
api.multifactor.enable('none', {allowRememberBrowser: false});
}
};