Issue re-enrol user after reset MFA

Hi,

I’m getting issue when trying to re-enrol user MFA after resetting his/her MFA.
It works when re-enrolling the user into authenticator OTP but it keeps on throwing the following error message when I tried with SMS OTP:
Seems that you have already enrolled, try logging in again from the application.

Steps to reproduce:

  1. User is enrolled for OTP
  • email_verified attribute is set to true
  1. Perform Reset MFA on the Auth0 Management Page
  2. Create new MFA Enrollment ticket using the following command:
    management.guardian.tickets.create({
    user_id: ‘{userId}’,
    send_mail: true
    });
  3. User click the link and select SMS as the OTP.

Any idea what could be the issue? Would the mobile number require to be unique that no user would share the same mobile number?

Thanks,

Santo

Here is how I set it up:
uses a custom database login script. where it always set the email_verified property to true.

Once I set the email_verified to false, the SMS OTP is working, but now I have lost ability to OTP using email…

My plan is to always enable email and recovery code but allow user to pick one of the mains - either authenticator or SMS.

Thanks,