We want to prompt a user for MFA only when they log in for the first time on a new device. Is this possible?
You can use Auth0 Actions to customize your MFA flow. In this particular case, accessing the NewDevice property will be needed. However, accessing this property requires an Enterprise Plan with the Adaptive MFA addon.
Actions Triggers: post-login - Event Object: Actions Triggers: post-login - Event Object
Adaptive MFA: Adaptive MFA