How to See the Complete Phone Numbers for MFA SMS Enrollment

Problem statement

By default, the MFA SMS phone number that a user enrolls with will be obfuscated. In instances where an Auth0 Admin needs to see the full phone number, what steps are necessary to achieve this?


By default, the last 4 digits of a phone number are shown when using the following Management API endpoint:


Sample Response:

        "id": "phone|dev_1234abc",
        "type": "phone",
        "confirmed": true,
        "phone_number": "XXXXXXXX1234",
        "created_at": "2024-02-21T16:46:01.333Z",
        "last_auth_at": "2024-02-21T16:46:15.601Z",
        "preferred_authentication_method": "sms",
        "authentication_methods": [
            "id": "sms|dev_1234abc",
            "type": "sms"

Steps to Reproduce

The following endpoint should show the MFA enrollments for a given user. If there is any SMS enrollment, it should be present here:



By updating the following tenant flag via the Management API, the full phone number should then be retrievable :

PATCH /api/v2/tenants/settings

The flag to update:

{ "flags": { "disable_management_api_sms_obfuscation": true } }

After doing this, this endpoint should return the full phone number if the user enrolled in SMS MFA: