MFA for external login

Hi,

I have the following scenario, could someone give me advice?

I have MFA enabled in Auth0. If users log in via an external provider (such as Okta or MS Entra) where MFA is also enabled, will they be required to complete MFA twice—once through their external provider and again through Auth0? Is there a way to identify within Auth0 if users have already completed MFA through their external provider?

Regards,

Hi @trung.tang,

Welcome to the Auth0 Community!

Yes, if MFA was configured in both their external identity provider and Auth0, they will be required to complete it twice.

Unfortunately, there’s no way to determine whether users have completed MFA through their external identity provider in Auth0. This is because MFA is happening in two separate places that don’t share the same sessions.

Let me know if you have any questions.

Thanks,
Rueben

1 Like

Hi Rueben,

Thanks for your reply. I’m trying to use the post login action, and I’m not sure if the following is reliable.

Is the authentication method from the external login available in the event (I’m using Okta in this case)?

exports.onExecutePostLogin = async (event, api) => {
    // Authentication methods recorded on the event (empty array if absent).
    const authMethods = event.authentication?.methods || [];
    const completedMfa = authMethods.find((method) => method.name === 'mfa');

    // Trigger Auth0 MFA only when no 'mfa' method is listed.
    if (!completedMfa) {
        api.multifactor.enable('any', { allowRememberBrowser: true });
    }
};


Hi @trung.tang,

Yes, you should be able to get the authentication method used during an external login event with Okta. That information will be available during the login event.

Thanks,
Rueben
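
An offline harness for the post-login check discussed in this thread, added here as an example (not code from the posters or from Auth0). It goes one step beyond the posted Action by also requiring the `mfa` entry's `timestamp` to be recent and by failing closed on malformed entries. The 15-minute window, the helper names and all sample events are assumptions constructed for illustration; they do not show what Okta actually reports.

```javascript
// Added example, not Auth0's code. Sample events below are constructed.
const MAX_MFA_AGE_MS = 15 * 60 * 1000; // assumption: 15-minute freshness window

// True only when the event lists an 'mfa' method with a recent, valid timestamp.
function hasRecentMfa(event, nowMs, maxAgeMs = MAX_MFA_AGE_MS) {
  const methods = event.authentication?.methods ?? [];
  return methods.some((m) => {
    if (m.name !== 'mfa') return false;
    const ts = Date.parse(m.timestamp);
    // Fail closed: missing, unparsable or future timestamps do not count.
    return Number.isFinite(ts) && ts <= nowMs && nowMs - ts <= maxAgeMs;
  });
}

// Core of the Action, kept synchronous so it can be exercised offline.
function decide(event, api, nowMs) {
  if (!hasRecentMfa(event, nowMs)) {
    api.multifactor.enable('any', { allowRememberBrowser: true });
  }
}

// In a deployed Action this would be assigned to exports.onExecutePostLogin.
const onExecutePostLogin = async (event, api) => decide(event, api, Date.now());

// Mock of the one api call used; reports whether an MFA prompt was requested.
function simulate(event, nowMs) {
  const calls = [];
  const api = { multifactor: { enable: (provider, opts) => calls.push({ provider, opts }) } };
  decide(event, api, nowMs);
  return calls.length ? 'prompt' : 'skip';
}

const NOW = Date.parse('2024-01-01T12:00:00Z'); // constructed clock
const at = (minsAgo) => new Date(NOW - minsAgo * 60000).toISOString();
const SAMPLES = {
  federatedOnly: { authentication: { methods: [{ name: 'federated', timestamp: at(1) }] } },
  freshMfa: { authentication: { methods: [
    { name: 'federated', timestamp: at(2) }, { name: 'mfa', timestamp: at(1) }] } },
  staleMfa: { authentication: { methods: [{ name: 'mfa', timestamp: at(120) }] } },
  badTimestamp: { authentication: { methods: [{ name: 'mfa', timestamp: 'n/a' }] } },
  noAuthentication: {},
};

for (const [name, event] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(17), simulate(event, NOW));
}
```

Logging `event.authentication.methods` from a real login through the external connection shows which entries the tenant actually receives before relying on this check.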