Login asks for email verification even if users "email_verified" is true

We have a need to disable email verification for some created users. We have created them and added them to a connection. Then we manually from the Auth0 management dashboard verify the email. But still when logging in with that user, after entering credentials Auth0 asks for the code from a verification email.

Any help on this please?

Hi @tonto ,

Welcome to the Auth0 Community!

If I understand correctly, the user is requested to enter the code from a verification email after entering their credential.

I believe this is due to MFA Email being enabled. Could you please go to Security → Multi-Factor Auth, and check if “Email” is enabled and if “Always” under “Define Policies” is checked?

Thanks!

Hello @lihua.zhang

The “Email” option in Multi-Factor Auth is enabled, and “Use Adaptive MFA” is set as the policy. But the weird thing is why the verification code from email is required when logging in even if the user has “email_verified” set to true?

Hi @tonto ,

Thank you for the updates. The verification email using code was sent under the following two conditions highlighted below:




I checked your tenants, the code-based email verification flow is not enabled. So I believe that the email was sent due to the Adaptive MFA policy.

The Adaptive MFA will trigger MFA (in your case, it’s the verification email with code) when Auth0 determines that an attempted login is risky and to record tenant log events for all login transactions. Here are some reference articles.

If selecting “Never” (instead of “Use Adaptive MFA”), users will not receive such emails moving forward. I suggest you discuss this further with your team and your Technical Account Manager about the next step in case this is the use case you want to achieve.


Any other queries I can help with?