"MFA every X days" without Adaptive MFA

markd · July 21, 2023, 1:52pm

I’m trying to figure out how to write an Action (or Rule if necessary) that implements the following logic:

if new device:
  require mfa
else if last MFA was more than 7 days ago:
  require mfa

The gist: require the user to MFA at least every 7 days, but also capture cases where there’s no evidence of having previously MFA’d from the device/browser in question.

dan.woda · July 24, 2023, 6:28pm

Hi @markd,

Check out the NewDevice object:

event.authentication.riskAssessment.assessments.NewDevice.confidence

For this, you’ll need to set up a way to store and check for the last time a user was able to authenticate with MFA. I think you could use app_metadata for this.

Topic		Replies	Views
Is there a way to set Adaptive MFA in Auth0 (CIC) to demand MFA after a fixed elapsed time? Get Help mfa , adaptive-mfa	2	75	February 27, 2025
Change Remember device for 30 days to 7 days Get Help mfa , phone-factor	1	1691	March 20, 2023
User keeps getting asked to MFA, even though "remember device" is selected Get Help mfa	0	1622	August 23, 2022
Using Last Logine Timestamp Get Help mfa , adaptive-mfa	2	1084	July 28, 2023
Disable MFA for some logins for a user Get Help mfa , mfa-sms , adaptive-mfa	4	3711	November 18, 2024

"MFA every X days" without Adaptive MFA

Related topics