Hi everyone,
We’re in the process of enhancing our MFA flow. Currently, most of our users are already enrolled with SMS as their MFA method. We’re now implementing OTP (Authenticator App) and want to transition all users toward using it for better security.
What we’re doing:
- For new users, we already enforce OTP directly using
api.authentication.enrollWith({ type: 'otp' })
. - For existing users enrolled with SMS but not OTP, we plan to enforce OTP enrollment soon after a successful SMS login.
The challenge:
Before enforcing OTP enrollment, we’d like to show a message or confirmation prompt (e.g., “We’re migrating to OTP for better security — you’ll need to enroll now”) so users aren’t surprised when they hit the enrollment screen.
Ideally, this would be shown:
- Inside Universal Login or the MFA flow itself
- Without relying on custom JS injection or redirecting users to our own frontend
Is there any supported way to show this kind of notice or interstitial step before enforcing enrollment of a second factor (OTP) using Auth0’s New Universal Login?
Thanks in advance for your help!