MFA: Inactive user override questions

gsmith · December 11, 2023, 8:52pm

On this MFA page in the docs, it says this:

If a user is inactive for a period of seven days or more, their cookie will expire and they will be prompted for MFA on their next login attempt

I have two questions related to this:

Does this apply to both Classic Universal Login and New Universal Login?
Will a user still be prompted after 7 days if “Never” is selected for “Require Multi-factor Auth” in the policy?

pavan.bn · January 7, 2024, 1:35pm

Hi gsmith,

Thanks for reaching out to Auth0 Community!

For your second question, user will not be prompted for MFA in this case, if the policy is set to “Never” MFA won’t be enforced even after cookie is expires. please refer this document for more information Enable Multi-Factor Authentication

Thanks,
Pavan