MFA (google authenticator) Enrollment in Universal Login

I want to enroll an already logged-in user to MFA using Universal Login without them having to log in again. In my app, I want users to be able to go to their profile page and select “enroll mfa” if they don’t have it yet.

Is this possible?

Here’s the flow I’ve tried so far:

  1. When “enroll mfa” button is clicked, “enableMfa=1” gets added to user_metadata
  2. I then do a silent auth by redirecting to /authorize with prompt=none
  3. A post-login action reads the user metadata; if it sees ‘enableMfa’, it would do api.authentication.challengeWith({type: 'otp'});

I did silent auth in step 2 in the hopes that Universal Login would detect existing session and that it would just show the MFA enrollment prompt — unfortunately that was not the case.

Hi @wbt

Welcome to the Auth0 Community!

I would recommend reading our documentation regarding enrolling and challenging users using OTP, this knowledge article and this community post.

Let me know if there is anything you might need clarification on or if you have any other questions.

Kind Regards,
Nik
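
An added example, not part of either post and not Auth0's own code: a post-login Action that sends a flagged user who has no OTP factor to enrollment with `enrollWith`, and challenges only once a factor exists. It assumes the `enableMfa` flag from the question, a tenant where MFA is customised through Actions, and an interactive `/authorize` request; `mfaStep` and `simulate` are hypothetical helper names.

```javascript
// Added example, not from the thread. Assumes an Auth0 post-login Action and
// that the "enableMfa" user_metadata flag from the question is already set.

// Pure decision helper (hypothetical name): what should this login do?
function mfaStep(user) {
  const meta = user.user_metadata || {};
  // The question stores enableMfa=1; accept the number or the string form.
  if (String(meta.enableMfa) !== '1') return 'none';
  const hasOtp = (user.enrolledFactors || []).some((f) => f.type === 'otp');
  // challengeWith verifies a factor the user already has; a user without
  // one has to be sent through enrollment instead.
  return hasOtp ? 'challenge' : 'enroll';
}

async function onExecutePostLogin(event, api) {
  const step = mfaStep(event.user);
  if (step === 'enroll') {
    api.authentication.enrollWith({ type: 'otp' });
  } else if (step === 'challenge') {
    api.authentication.challengeWith({ type: 'otp' });
  }
  // step === 'none': leave the login untouched.
}

// Auth0 loads the handler from exports; guarded so the file also runs as a script.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed harness: a recording stub stands in for the Actions api object.
function simulate(user) {
  const calls = [];
  const record = (name) => (factor) => calls.push(`${name}:${factor.type}`);
  const api = {
    authentication: {
      enrollWith: record('enrollWith'),
      challengeWith: record('challengeWith'),
    },
  };
  onExecutePostLogin({ user }, api); // no awaits inside, so calls land synchronously
  return calls;
}
```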