MFA in forgot password flow

Hi,

Is there a way to add MFA such as One-time Password or SMS (Only if user has configured one) when executing a forgot password flow?

Eg. this is the flow I am looking for:

  1. User clicks on forgot password
  2. User enters email
  3. User gets a verification email
  4. User clicks on verification link and gets redirected to Auth0 reset password page
  5. User first needs to authenticate using his default MFA provider
  6. If MFA is successful then user enters new password and saves it.
1 Like

At this time the reset password flow through universal login does not support the flow you mention; in other words, MFA won’t be prompted as part of that flow. If you haven’t done so already I would suggest you to leave your feedback (use case) through Auth0: Secure access for everyone. But not just anyone.. I know this is already being tracked in product backlog, but I don’t believe to be something on the immediate plans so the more feedback received the better product team can gauge demand and requirements.

1 Like

Hi,

Where can we see any updates/news on that topic?
We are also quite interested in this flow.

Thanks
Daniel

Are there any updates on this? We’re looking to implement the exact same thing

1 Like

Any updates on this???

Hello folks! Just an update here that we are actively working on this enhancement. Stay tuned for for upcoming announcements here and/or in the Auth0 Changelog.