MFA in forgot password flow

tanmai.naik · August 17, 2020, 8:08am

Hi,

Is there a way to add MFA such as One-time Password or SMS (Only if user has configured one) when executing a forgot password flow?

Eg. this is the flow I am looking for:

User clicks on forgot password
User enters email
User gets a verification email
User clicks on verification link and gets redirected to Auth0 reset password page
User first needs to authenticate using his default MFA provider
If MFA is successful then user enters new password and saves it.

jmangelo · August 19, 2020, 6:41am

At this time the reset password flow through universal login does not support the flow you mention; in other words, MFA won’t be prompted as part of that flow. If you haven’t done so already I would suggest you to leave your feedback (use case) through Auth0: Secure access for everyone. But not just anyone.. I know this is already being tracked in product backlog, but I don’t believe to be something on the immediate plans so the more feedback received the better product team can gauge demand and requirements.

daniel.rhyner · June 28, 2021, 4:36pm

Hi,

Where can we see any updates/news on that topic?
We are also quite interested in this flow.

Thanks
Daniel

bkthomas · December 7, 2022, 9:01pm

Are there any updates on this? We’re looking to implement the exact same thing

spoudel · April 25, 2023, 8:36pm

Any updates on this???

randynasson · July 20, 2023, 2:38am

Hello folks! Just an update here that we are actively working on this enhancement. Stay tuned for for upcoming announcements here and/or in the Auth0 Changelog.