MFA before resetting password


I would like to add MFA (Sending verification code to email) before resetting password.

  1. User clicks on forgot password
  2. User enters email
  3. User gets an email for verification code
  4. User enters verification code
  5. User enters new password and change the password

I have been trying to find out how to call MFA before changing the password, but couldn’t figured this out. I could only find the action template for ‘verified email’ before changing the password. From my understanding, first, it needs to authenticate the user and then call MFA API call. However, user authentication requires a password. Since the user doesn’t know the password, I couldn’t use the same API call as I did after creating/login functionality.
If anyone know how to solve this, I would appreciate it!

Hi @ywaka,

Welcome to the Auth0 Community!

Unfortunately, it is not possible to enforce MFA before changing passwords. However, you can enforce it after they have changed passwords.

For more information, please refer to this related post.


1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.