MFA in forgot password flow

Hi,

Is there a way to add MFA such as One-time Password or SMS (Only if user has configured one) when executing a forgot password flow?

Eg. this is the flow I am looking for:

  1. User clicks on forgot password
  2. User enters email
  3. User gets a verification email
  4. User clicks on verification link and gets redirected to Auth0 reset password page
  5. User first needs to authenticate using his default MFA provider
  6. If MFA is successful then user enters new password and saves it.
1 Like

At this time the reset password flow through universal login does not support the flow you mention; in other words, MFA won’t be prompted as part of that flow. If you haven’t done so already I would suggest you to leave your feedback (use case) through auth0.com/feedback. I know this is already being tracked in product backlog, but I don’t believe to be something on the immediate plans so the more feedback received the better product team can gauge demand and requirements.

1 Like