How to enforce a single MFA for a user

Hi @rajivk,

Thank you for your clarification.

If SMS and OTP are both enabled for the user, then it is normal to see a message indicating that the user is already enrolled in those factors. Therefore, calling the /mfa/associate endpoint for that user is not needed since they have already enrolled in both SMS and OTP MFA factors.

At this point, you can proceed by calling the /mfa/challenge endpoint for OTP/SMS generation, and verify MFA for OTP/SMS by calling the /oauth/token endpoint.

You should be able to configure more than one MFA factor for a user at a time. Our Enable Multi-Factor Authentication documentation explains that:

“In the Factors section, choose the factors that you want to enable with toggles. Any or all of these factors can be enabled simultaneously.”

Please see these resources on enrolling SMS and OTP MFA:

Thank you.
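The challenge-and-verify sequence described in the reply above, as an added example that is not part of the original post and is not Auth0's own code: it picks one of the user's enrolled factors and builds the `/mfa/challenge` and `/oauth/token` request bodies for that factor only. The tenant domain, client ID, authenticator IDs and the sample authenticator list are constructed placeholders, the field names follow Auth0's MFA API, and a confidential application would also send its `client_secret`.

```python
import json
import urllib.request

# Placeholders (assumptions): replace with your tenant and application values.
DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
GRANT_OTP = "http://auth0.com/oauth/grant-type/mfa-otp"
GRANT_OOB = "http://auth0.com/oauth/grant-type/mfa-oob"

def pick_authenticator(authenticators, factor):
    """Return the one active enrolled authenticator for 'otp' or 'sms'."""
    for a in authenticators:
        if not a.get("active"):
            continue
        if factor == "otp" and a["authenticator_type"] == "otp":
            return a
        if factor == "sms" and a["authenticator_type"] == "oob" and a.get("oob_channel") == "sms":
            return a
    raise LookupError(f"user has no active {factor} authenticator")

def challenge_request(mfa_token, authenticator):
    """Body for POST /mfa/challenge, pinned to a single authenticator."""
    return {"client_id": CLIENT_ID, "mfa_token": mfa_token,
            "challenge_type": authenticator["authenticator_type"],
            "authenticator_id": authenticator["id"]}

def token_request(mfa_token, authenticator, code, oob_code=None):
    """Body for POST /oauth/token that verifies the code the user typed."""
    body = {"client_id": CLIENT_ID, "mfa_token": mfa_token}
    if authenticator["authenticator_type"] == "otp":
        body.update(grant_type=GRANT_OTP, otp=code)
    else:
        if not oob_code:
            raise ValueError("SMS verification needs oob_code from /mfa/challenge")
        body.update(grant_type=GRANT_OOB, oob_code=oob_code, binding_code=code)
    return body

def post(path, body):
    """Send a JSON POST to the tenant (not called here; needs a real tenant)."""
    req = urllib.request.Request(f"https://{DOMAIN}{path}", json.dumps(body).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

# Constructed sample of a GET /mfa/authenticators response for a user
# enrolled in both factors (the ids are made up).
SAMPLE_AUTHENTICATORS = [
    {"id": "totp|dev_EXAMPLE1", "authenticator_type": "otp", "active": True},
    {"id": "sms|dev_EXAMPLE2", "authenticator_type": "oob", "oob_channel": "sms", "active": True},
]
```

Passing `authenticator_id` in the challenge is what keeps the prompt to one factor when the user is enrolled in several; the `oob_code` for the SMS path comes from the `/mfa/challenge` response.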