Import User MFA Authenticator Enrollments Using Custom DB

Overview

With custom database connections, users who have already enrolled a Multi-factor Authentication (MFA) factor in an external database do not have to re-enroll when they migrate to Auth0.

This article provides an overview of how to import MFA factors for users who already have MFA factors enrolled in an external database. This process is only possible when import mode is enabled.

Applies To

  • Custom Database
  • Multi-factor Authentication (MFA)

Solution

To do this, supply the user's existing enrollments in the mfa_factors field of the user object passed to the callback at the end of your custom DB login script.

Here is an example using MongoDB:

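// Build the profile returned to Auth0 from the record found in MongoDB.
const newUser = {
  user_id: user.user_id.toString(),
  name: user.name,
  email: user.email,
  //username: user.username.toString(),
  mfa_factors: [
    {
      totp: {
        // TOTP secret stored for this user in the external database
        secret: user.mfa,
      },
    },
  ],
};

// Hand the profile, including its MFA enrollments, back to Auth0.
return callback(null, newUser);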

Please note that this example is provided only as a reference. It should not be used in production before testing and adapting it to the required use case.

It is possible to import a user’s MFA enrollments with automatic migration (import mode on). The supported enrollment types are:

  • Email: for email verification.
  • Phone: for SMS verification.
  • OTP: for One-Time Passwords (OTPs) used with authenticator applications, such as Google Authenticator.

Importing MFA enrollments provides a seamless user experience since users will not have to re-enroll after migration.
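
The three supported enrollment types assembled into one mfa_factors array, with validation before import. This is an added example, not part of the original article or Auth0's code. The legacy field names are hypothetical, and the phone.value and email.value shapes and the un-padded Base32 TOTP secret format are assumed from Auth0's user import schema, so confirm them against the Login Script Templates documentation.

```javascript
// Added example, not Auth0's code. The legacy field names (totpSecret,
// totpEncoding, phone, mfaEmail) are hypothetical.
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Encode raw bytes as un-padded Base32 (RFC 4648 alphabet).
function base32Encode(bytes) {
  let bits = 0, value = 0, out = "";
  for (const byte of bytes) {
    value = ((value << 8) | byte) & 0xffff; // keep only the bits still needed
    bits += 8;
    while (bits >= 5) {
      out += B32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// Return the secret as un-padded Base32, or null if it is not usable.
function normalizeTotpSecret(secret, encoding) {
  if (typeof secret !== "string" || secret === "") return null;
  if (encoding === "hex") {
    if (!/^(?:[0-9a-fA-F]{2})+$/.test(secret)) return null;
    return base32Encode(Buffer.from(secret, "hex"));
  }
  const s = secret.replace(/\s+/g, "").replace(/=+$/, "").toUpperCase();
  return /^[A-Z2-7]+$/.test(s) ? s : null;
}

// Build mfa_factors from one legacy record, skipping malformed values
// instead of importing an enrollment the user could never satisfy.
function buildMfaFactors(legacyUser) {
  const factors = [];
  const secret = normalizeTotpSecret(legacyUser.totpSecret, legacyUser.totpEncoding);
  if (secret) factors.push({ totp: { secret } });
  if (/^\+[1-9]\d{1,14}$/.test(legacyUser.phone || "")) {
    factors.push({ phone: { value: legacyUser.phone } });
  }
  if (/^[^@\s]+@[^@\s]+$/.test(legacyUser.mfaEmail || "")) {
    factors.push({ email: { value: legacyUser.mfaEmail } });
  }
  return factors;
}

// Constructed sample record: hex-encoded secret, valid phone, no MFA email.
const sample = { totpSecret: "666f6f626172", totpEncoding: "hex", phone: "+15551234567" };
// Log only the factor types; the TOTP secret itself stays out of logs.
console.log(buildMfaFactors(sample).map((f) => Object.keys(f)[0]));
```

In a login script, the returned array would be assigned to the profile's mfa_factors field before calling callback(null, profile).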

For more information, please consult the Login Script Templates documentation.