How to disable MFA using actions?

We have MFA turned on at the tenant level but want to selectively disable MFA based on connectionStrategy or email. How can this be done using actions?

The post-login API object has no method to disable MFA

1 Like

Hey there!

Here’s one of our FAQs for enabling MFA for specific set of users:

Have you had a chance to check it out?

1 Like

The FAQ shows the sample for the reverse case, like how to force MFA for a specific set of users. A similar action like the following can help to disable MFA for a specific set of users by using none instead of any.

exports.onExecutePostLogin = async (event, api) => {

  // uncomment the following if clause in case you want to skip a second factor only for users that have app_metadata.skip_mfa === true

  if (event.user.app_metadata?.skip_mfa){
    api.multifactor.enable('none', {allowRememberBrowser: false});