I have 2 Applications in my Staging Tenant. I need to enforce MFA for only one of the applications.
In the Panel, I have:
Require Multi-factor Auth set == Never
Enable Adaptive MFA Risk Assessment == On
Show Multi-factor Authentication options == On
Customize MFA Factors using Actions == On
I receive this error from the non-mfa-app post login:
Something Went Wrong
Two-factor authentication is required to access this application. To enable this, please contact your system administrator.
Here is my custom Login Action:
exports.onExecutePostLogin = async (event, api) => {
  // immediately bust out if non-mfa-app - we do not require MFA for this app
  if (event.client.name == "non-mfa-app") {
    return;
  }
  const promptConfidences = ['low', 'medium'];
  const confidenceDevice =
    event.authentication?.riskAssessment?.assessments?.NewDevice?.confidence;
  const confidenceIP =
    event.authentication?.riskAssessment?.assessments?.UntrustedIP?.confidence;
  const confidenceTravel =
    event.authentication?.riskAssessment?.assessments?.ImpossibleTravel?.confidence;
  const shouldPromptMfa =
    confidenceDevice && promptConfidences.includes(confidenceDevice)
    || confidenceIP && promptConfidences.includes(confidenceIP)
    || confidenceTravel && promptConfidences.includes(confidenceTravel);
  const canPromptMfa =
    event.user.multifactor && event.user.multifactor.length > 0;
  if (shouldPromptMfa && canPromptMfa) {
    api.multifactor.enable('any', { allowRememberBrowser: true });
    api.authentication.enrollWith({ type: 'otp' });
  }
};
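
One way to check which branch of this Action runs for each application without touching the tenant, added here as an example and not part of the original post: the posted logic as a plain function, run under Node against constructed events with a stub `api` that records calls. The names `handlePostLogin`, `recordCalls`, `makeEvent`, the `mfa-app` client name and the `guardian` factor value are assumptions for illustration.

```javascript
// Posted Action logic as a plain function so it runs under Node (added example).
// In the tenant this body sits in exports.onExecutePostLogin = async (event, api) => {...}.
function handlePostLogin(event, api) {
  if (event.client.name == "non-mfa-app") {
    return; // exempt application: no MFA call is made
  }
  const promptConfidences = ['low', 'medium'];
  const assessments = event.authentication?.riskAssessment?.assessments;
  const shouldPromptMfa = ['NewDevice', 'UntrustedIP', 'ImpossibleTravel']
    .some((name) => promptConfidences.includes(assessments?.[name]?.confidence));
  const canPromptMfa =
    event.user.multifactor && event.user.multifactor.length > 0;
  if (shouldPromptMfa && canPromptMfa) {
    api.multifactor.enable('any', { allowRememberBrowser: true });
    api.authentication.enrollWith({ type: 'otp' });
  }
}

// Stub api (hypothetical helper) that records which calls the logic makes.
function recordCalls(event) {
  const calls = [];
  const api = {
    multifactor: { enable: (provider) => calls.push(`multifactor.enable:${provider}`) },
    authentication: { enrollWith: (f) => calls.push(`authentication.enrollWith:${f.type}`) },
  };
  handlePostLogin(event, api);
  return calls;
}

// Constructed event holding only the fields the Action reads.
function makeEvent(clientName, confidence, factors) {
  return {
    client: { name: clientName },
    user: { multifactor: factors },
    authentication: { riskAssessment: { assessments: { NewDevice: { confidence } } } },
  };
}

// Constructed cases: [client name, NewDevice confidence, enrolled factors].
const cases = [
  ['non-mfa-app', 'low', ['guardian']],
  ['mfa-app', 'low', ['guardian']],
  ['mfa-app', 'high', ['guardian']],
  ['mfa-app', 'low', []],
];
for (const [name, confidence, factors] of cases) {
  console.log(name, confidence, factors, '->', recordCalls(makeEvent(name, confidence, factors)));
}
```

An empty list for `non-mfa-app` means this Action made no MFA or enrollment call for that login.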