As seen above, its pretty straightforward. But I would like to understand why when enrollWith runs, the options of Skip or Remind me later doesn’t show up. When MFA actions isn’t enabled, then the default biometric template shows the options.
Am i missing any other configuration? Please help.
This is actually the expected outcome in both scenarios, as I have tested this as well.
The reason why you are observing this behavior when enabling MFA via the Dashboard is because the WebAuthn with Device Biometrics for MFA can not be used as a stand alone MFA factor, so users must first enroll in a “traditional” method such as an Authenticator App or SMS. Auth0 tries asking users to “Log in faster on this device” after they’ve already completed another MFA factor (like SMS), thus the “Remind me later” option.
As described in the above mentioned documentation:
When you enable WebAuthn with Device Biometrics, Auth0 will try to progressively enroll all of an end-user’s WebAuthn-capable devices.
This outlines the Progressive Enrollment process, while this MFA factor is an optional addition in the meantime.
On the other hand, when using Actions for enabling MFA for your users, the api.authentication.enrollWith() type methods explicitly enforce users to go through the specified MFA factor. Given that the system treats it as a mandatory instruction, the users can not choose to “Skip” this step.
Thank you for the reply. Say I disable the MFA Actions, which would mean the options of “Remind me later” and “Not on this device” will show up.
I was able to find the below
Remind me later
Skips enrollment and prompts for enrollment again in two weeks
Not on this device
Does not prompt enrollment for 1 year or as long as the Auth0 cookies are stored in the users’ browser
Is there any way to change this configuration. What if I want to show the Biometric screen after 2 days if the user had selected the option “Remind me later”.
If this option is made available, then it would be easy to remind the user of Biometric feature on regular basis.
I totally understand the need of having more flexibility in this use case.
Unfortunately for the moment the Remind me later button is specifically designed to come up once in 2 weeks only and this option is not yet configurable.
However, I would strongly encourage you to create a Product feedback request, providing details on the flexibility and configurability of the Remind me later button in this type of use case, since I have seen that other members are interested in the same subject as well, so it might accumulate multiples votes and be considered as a possible future addition.