Hi @rafael4,
Welcome back to the Auth0 community, and sorry for the late reply.
As you have mentioned as well, the 10 minutes expiration time for the /mfa audience token cannot be modified due to security reasons within Auth0, being specified here in our documentation.
However, if you solicit an MFA token only when a user is engaged in enrolling or removing authenticators, they will not be generally logged out of the application after 10 minutes, but only if they fail to manage their MFA in this timeframe.
Additionally, you can also check this community post.
I hope this clarified the situation.
Thanks,
Remus