MFA for enrolled users only

Hi

I’d like to start allowing MFA to those users who want it, but not force it upon everyone. (Changing the MFA to ‘Always’ appears to prompt everyone to enrol when they log in, so this is not an option.)

Is there a way, possibly with an action, to have a PostLogin event which checks if a user is enrolled in MFA, and if so, then triggers the MFA authentication process on every login? However, for users who are not enrolled (or just signing up), ignore MFA and log them in.

Thanks
Scott

Hi @scotts

Welcome back to the Auth0 Community!

Thank you for posting your question. You can achieve this by creating a Post-Login Action that inspects the event.user.multifactor array. If this array is not empty (meaning the user is already enrolled), you will use api.multifactor.challenge() to trigger the MFA prompt. If the array is empty, the Action does nothing, and the user logs in seamlessly.

/**
* @param {Event} event - Details about the user and the context of the login.
* @param {PostLoginAPI} api - Interface to modify the login transaction.
*/
exports.onExecutePostLogin = async (event, api) => {
  // event.user.multifactor lists the factors the user has enrolled; it is empty
  // (or absent) for users who have never enrolled.
  if (event.user.multifactor && event.user.multifactor.length > 0) {
    // User is enrolled, so we must challenge them with one of their enrolled factors.
    api.multifactor.enable('any');
  }
  // Not enrolled: no call is made and the login continues without MFA.
};

Thanks
Dawid
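The following is an added example and not code from this thread or from Auth0: it contains the Post-Login Action described in the answer above, plus a constructed stand-in for the Actions `api` object (`makeApiStub`) and a few constructed sample users, so the enrolled/not-enrolled decision can be exercised offline before the Action is deployed. The `allowRememberBrowser` option passed to `api.multifactor.enable` is an option of that API; everything else here (`isEnrolledInMfa`, `decideMfa`, the sample user ids) is illustrative.

```javascript
// Added example, not code from the forum thread or from Auth0: the Post-Login
// Action described in the answer, plus a constructed stand-in for the Actions
// `api` object so the enrolled/not-enrolled decision can be exercised offline.

// True when the user already has at least one MFA factor enrolled.
// `event.user.multifactor` lists enrolled factors (e.g. ["guardian"]); it is an
// empty array, or absent entirely, for users who have never enrolled.
function isEnrolledInMfa(user) {
  return Array.isArray(user.multifactor) && user.multifactor.length > 0;
}

// The Action itself, in the shape Auth0 expects (exports.onExecutePostLogin).
const onExecutePostLogin = async (event, api) => {
  if (isEnrolledInMfa(event.user)) {
    // Require one of the user's enrolled factors on this login.
    // allowRememberBrowser: false disables the "remember this device" skip,
    // so every login is challenged, as the question asked.
    api.multifactor.enable("any", { allowRememberBrowser: false });
  }
  // Not enrolled (or just signing up): do nothing and the login proceeds.
};
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Constructed stand-in for PostLoginAPI: only records what the Action requested.
function makeApiStub() {
  const calls = [];
  return {
    calls,
    multifactor: {
      enable(provider, options = {}) {
        calls.push({ provider, options });
      },
    },
  };
}

// Runs the Action against one user object and reports the outcome.
// The Action body has no `await`, so its api calls happen synchronously
// before the returned promise would be inspected; the promise is ignored here.
function decideMfa(user) {
  const api = makeApiStub();
  onExecutePostLogin({ user }, api);
  return { mfaRequired: api.calls.length > 0, calls: api.calls };
}

// Constructed sample users covering the three shapes the field can take.
const SAMPLE_USERS = {
  enrolled: { user_id: "auth0|example-enrolled", multifactor: ["guardian"] },
  notEnrolled: { user_id: "auth0|example-not-enrolled", multifactor: [] },
  fieldMissing: { user_id: "auth0|example-new-signup" },
};

for (const [label, user] of Object.entries(SAMPLE_USERS)) {
  const { mfaRequired } = decideMfa(user);
  console.log(`${label}: ${mfaRequired ? "MFA challenge" : "no MFA"}`);
}
```

Running this with `node` prints one line per sample user; only the enrolled one gets a challenge. The `fieldMissing` case matters because a brand-new sign-up may not carry a `multifactor` property at all, and `isEnrolledInMfa` treats that the same as an empty array instead of throwing.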
