MFA for login only


Is it possible to turn on MFA only on the login but not on the create new user?


Hey there @charles.nguyen-viet !

I just want to clarify the expected behavior here - When a user goes to sign up for your application (and subsequently log in) you’d like to forego MFA. However, on all subsequent logins you wish for MFA to be in place?

If this is the case, you should be able to achieve this by working within a Post Login Action - The following action is a simple example of only challenging a user for MFA after their initial login:

exports.onExecutePostLogin = async (event, api) => {
  // Check if it's not the user's first login
  if (event.stats && event.stats.logins_count > 1) {
    // Trigger MFA challenge

Hi @tyf ,

Thank you for your reply.
Yes that’s the idea.

When I added the script in the Post Login Action, the application is still asking to scan the QR code
(Google authenticator) after sign up.


Thanks for confirming!

I forgot to mention that you need to toggle MFA to Never in the Security → Multi-Factor Auth settings in your dashboard. This should allow an initial login without enforcing MFA while requiring it for all subsequent logins.

This is a similar pattern to enabling MFA for a subset of users:

1 Like

Thank you very much, it works!

1 Like

Awesome!! Thanks for confirming :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.