We have MFA turned on at the tenant level but want to selectively disable MFA based on connectionStrategy or email. How can this be done using actions?
The post-login API object has no method to disable MFA
1 Like
Hey there!
Here’s one of our FAQs for enabling MFA for specific set of users:
Have you had a chance to check it out?
1 Like
The FAQ shows the sample for the reverse case, like how to force MFA for a specific set of users. A similar action like the following can help to disable MFA for a specific set of users by using none instead of any.
exports.onExecutePostLogin = async (event, api) => {
// uncomment the following if clause in case you want to skip a second factor only for users that have app_metadata.skip_mfa === true
if (event.user.app_metadata?.skip_mfa){
api.multifactor.enable('none', {allowRememberBrowser: false});
}
};