MFA Once Per Session Action

konrad.sopala · June 28, 2023, 9:28am

Last Updated: Nov 29, 2024

Overview

This article details how to write an MFA Once Per Session Action.

Applies To

Action
Multifactor Authentication (MFA)
Single Page Application (SPA)

Solution

The below can be used to avoid prompting a user for multifactor authentication if they have successfully completed MFA in their current session.

/* triggers MFA once per session */
exports.onExecutePostLogin = async (event, api) => {
	if (!event.authentication.methods.find(({ name }) => name === 'mfa') ) {
       api.multifactor.enable("any", { allowRememberBrowser: true });
    }
};

This is particularly useful when performing silent authentication (prompt=none ) to renew short-lived access tokens in a Single Page Application (SPA) during the duration of a user’s session without having to rely on setting allowRememberBrowser to true .

Topic		Replies	Views
MFA Once per Session Action FAQ example seems incomplete Help mfa , mfa-prompt-new-experience	1	1022	August 14, 2023
Behaviour of Require MFA Once Per Session rule/action on native apps Help mfa , mfa-prompt-classic-experience	1	721	January 5, 2024
Disable allowRememberBrowser Help mfa , mfa-api	5	451	May 6, 2024
Configuring MFA Flow to require MFA once per session with Actions Knowledge Articles mfa , extensibility , actions	1	2935	June 14, 2022
Post-login action and MFA Help mfa , mfa-prompt-new-experience	3	563	May 24, 2024

MFA Once Per Session Action

Overview

Applies To

Solution

Related topics