How to get SMS MFA enrollments with full phone numbers

Last Updated: Aug 27, 2024

Overview

How can we get the phone number in the bulk export or within an Action (Hook or Rule)? After retrieving the data, the number is masked, for example +1 XXXXXXXX1234.

Steps to Reproduce

  • Bulk export users

OR

  • Have an Action / Hook / Rule obtain a token for the Management APIv2
  • Obtain the enrollment ID for a given user with one of these options:
    • GET /api/v2/users/{user_id}/authenticators
    • GET /api/v2/users/{user_id}/enrollments ← Gets the first confirmed enrollment
  • If you got all the authenticators (first option), filter on the type and name fields of the JSON response:
[
    {
        "id": "email|***********Va",
        "type": "email",
        "confirmed": false,
        "name": "patr*********************@*******",
        "created_at": "2022-10-04T04:32:30.000Z"
    },
    {
        "id": "sms|************c",
        "type": "sms",
        "confirmed": true,
        "name": "XXXXXXXXXX6333",
        "created_at": "2022-11-04T13:51:46.000Z",
        "last_auth_at": "2022-11-04T13:52:21.000Z"
    }
]

Solution

By default, the Management APIv2 will obfuscate the phone numbers, but you can modify your tenant settings to set the disable_management_api_sms_obfuscation flag to true.
Sample body to PATCH /api/v2/tenants/settings:

{
  "flags": {
    "disable_management_api_sms_obfuscation": true
  }
}

After this, repeat the Steps to Reproduce and you should see the number for each user in the bulk export or within the JSON structure, as follows:

    {
        "id": "sms|dev_lVJ5hIp2uFtypn5c",
        "type": "sms",
        "confirmed": true,
        "name": "+54 1103034566",
        "created_at": "2022-11-04T13:51:46.000Z",
        "last_auth_at": "2022-11-04T13:52:21.000Z"
    }

NOTE: For SMS, there are no MFA secrets, so it’s not necessary to submit a request to have Engineering do an export.

The Bulk User Export feature can export the MFA factor type, but it does not export the actual enrollments, so use the Auth0 Management APIv2, which can fetch more detailed information about MFA enrollments.
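
The steps above as an added Python example, not code from the original article: it builds the PATCH request, filters the authenticators response for confirmed SMS entries, and refuses to return numbers that are still masked. The function names, the masking pattern and the tenant.example domain are assumptions made for illustration.

```python
import io
import json
import re
import urllib.parse
import urllib.request

# Masked names on the page look like "XXXXXXXXXX6333" or "+1 XXXXXXXX1234".
MASKED = re.compile(r"X{4,}\d*$")

def confirmed_sms(authenticators):
    """Keep only confirmed SMS entries from a /authenticators response."""
    return [a for a in authenticators
            if a.get("type") == "sms" and a.get("confirmed") is True]

def is_masked(name):
    """True when the API still returns an obfuscated number."""
    return bool(MASKED.search(name or ""))

def api_request(domain, token, method, path, body=None):
    """Build a Management APIv2 request; domain and token are caller-supplied."""
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        f"https://{domain}/api/v2{path}", data=data, method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def unmask_request(domain, token):
    """PATCH /tenants/settings with the flag body shown on the page."""
    return api_request(domain, token, "PATCH", "/tenants/settings",
                       {"flags": {"disable_management_api_sms_obfuscation": True}})

def phone_numbers(domain, token, user_id, send=urllib.request.urlopen):
    """Return a user's full SMS numbers; raise if any are still obfuscated,
    so masked values are never stored as if they were real numbers."""
    uid = urllib.parse.quote(user_id, safe="")  # user ids contain "|"
    req = api_request(domain, token, "GET", f"/users/{uid}/authenticators")
    with send(req) as resp:
        entries = confirmed_sms(json.load(resp))
    masked = [e["id"] for e in entries if is_masked(e["name"])]
    if masked:
        raise ValueError(f"obfuscated enrollments: {masked}")
    return [e["name"] for e in entries]

if __name__ == "__main__":
    # Constructed offline response, shaped like the unmasked entry on the page.
    sample = [{"id": "sms|placeholder", "type": "sms", "confirmed": True,
               "name": "+54 1103034566"}]
    fake_send = lambda req: io.BytesIO(json.dumps(sample).encode())
    print(phone_numbers("tenant.example", "TOKEN", "auth0|placeholder", fake_send))
```

The flag is a tenant setting, so it changes what the Management API returns for all callers, not just this script.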

For a visual demonstration, refer to the following video.
