I want my users to be prompted for OTP setup, but be able to fallback to email as 2FA if needed, such as the “Try Another Method”.
My users should be encouraged to sign-up for OTP/push-notifications without being required to.
Currently, my users do not require MFA when signing in (prior to Auth0 deployment), I would prefer a slower, phased approach to getting users enrolled rather than a waterfall of OTP requirements.
Similar to how Google will remind you to setup recovery information or enable MFA when signing in.
I had an action using “api.authentication.challengeWithAny([{ type: ‘email’ }, { type: ‘otp’ }]);” but this did not seem to do anything.
I did read here: Configure Email Notifications for MFA
That “You can only enable email as an MFA factor if there is already another factor enabled.”
Guessing that’s why the challenge is not working.