Dear All,
I have searched enough in auth0 community threads related to disabling MFA for particular user but enabled for other users.
I referred to this thread How to disable mfa for a particular user - #4 by chigullap but of no luck.
In my application; we enable MFA not from the Tenants Dashboard setting; rather via URL arguments to auth0 when user enters username and password.
The argument we pass is acr_values=‘aal2’ this argument automatically enables MFA prompt (SMS based) dialog for user to enter code.
Even though i have created a Rule and added the code as mentioned in thread said above; my application when logging by specific user is prompting for the MFA dialog.
In the Logs; i get error “Failed Silent Auth” with content as shown:
{
"date": "2022-07-13T11:35:53.943Z",
"type": "fsa",
"description": "Login required",
"client_id": "xxxxxxxxz2qhHMGZxxxxxxxxxxxx",
"client_name": "xx-xx-Web-App",
"ip": "165.225.122.229",
"user_agent": "Chrome 103.0.0 / Windows 10.0.0",
"details": {
"body": {},
"qs": {
"redirect_uri": "https://app.azurewebsites.net/dashboard",
"client_id": "xxxxxxxxz2qhHMGZxxxxxxxxxxxx",
"connection": "main-tenant-oidc",
"scope": "openid profile email offline_access",
"audience": "https://xxx.abc.com",
"acr_values": "aal2",
"response_type": "code",
"response_mode": "web_message",
"state": "eUI1U1RQYX41czNMTXNoxxxxx",
"nonce": "MUc4QkswWVdMfmN0Nxxxx",
"code_challenge": "paVzzjEtSpkm9N7ZgyJ7gxxxxxxxxxx",
"code_challenge_method": "S256",
"prompt": "none",
"auth0Client": "eyJuYW1lIjoiQGF1dGgwL2F1dGgwLWFuZxxxxxx"
},
"connection": null,
"error": {
"message": "Login required",
"oauthError": "login_required",
"type": "oauth-authorization"
},
"riskAssessment": null
},
"hostname": "xxxx.auth0.com",
"audience": "https://xxx.api.xxx.com",
"scope": [
"openid",
"profile",
"email",
"offline_access"
],
"auth0_client": {
"name": "@auth0/auth0-angular",
"version": "1.9.0"
},
"log_id": "90020220713113554103135163004995678475438",
"_id": "9002022071311355410313516300499567847543852",
"isMobile": false,
"id": "90020220713113554103135163004995678475438522"
}
So what else to do in order to disable MFA for particular user?
Thanks for all help