There is no built-in feature in Auth0 that prevents multiple logins from different sessions or allows you to bypass login and MFA if the user is already logged in another session
However, there are some possible workarounds that you can try:
-
Use a custom domain for the customer-facing application and use your Auth0 canonical domain for the admin application. The different domains allow for the two sessions to exist at the same time.
-
Set allowRememberBrowser to true when enabling MFA. This will allow the user to skip MFA for 30 days by storing a cookie in the user’s browser. You can also set acr_values to when calling the /authorize endpoint to require MFA.
Hope this helps