MFA triggers twice post successful login

Hello,
I am trying to set up login functionality via Auth0 in our single page application.
We have created an application in the tenant, and an API as audience to communicate with the Auth0 tenant. We have implemented MFA via Actions:

```js
exports.onExecutePostLogin = async (event, api) => {
  // disable MFA for Microsoft-SSO
  if (event.connection.name !== "Microsoft-SSO") {
    console.log("MFA triggered for user - " + event.user.email);
    api.multifactor.enable("any");
    console.log("MFA completed");
  }
};
```

As a user, when I try to log in I am asked to enter my one-time password (MFA code) twice before it lets me into the system.

The same configuration is working in our lower environment tenant with just a single one-time password. We looked into the logs and it seems like a "Guardian - Start second factor authentication", which is not configured by us. I am not sure what configuration in our tenant is creating this behavior.

Hi @abhishek.trivedi

Thank you for posting your question on the Auth0 Community!

I believe what might be happening is that your SPA application makes another /authorize after the initial MFA.

You can review this knowledge article regarding having MFA Once per Session.
Alternatively, you can disable the MFA on your tenant and only enable it at run-time via Actions. Before enabling it, you can check for a variable (set as user metadata); when this variable is set to false, the MFA is disabled for that specific connection. You can also change your action to skip the MFA for only the Microsoft-SSO connection and not prompt the other connections again for the MFA using the action.

Let me know if you have any other questions or if the provided solution is of any help!

Kind Regards,
Nik
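
Added example, not part of the original thread or Auth0's own code: a post-login Action that combines the checks described in the reply, prompting for MFA only when the session has not already completed it. It assumes the tenant-level MFA policy is off so the Action alone decides; `mfa_enabled` is a hypothetical metadata key, and the sample events are constructed.

```javascript
const SKIP_CONNECTION = "Microsoft-SSO"; // connection name from the question
const OPT_OUT_KEY = "mfa_enabled";       // hypothetical user_metadata flag

// Returns true when this transaction should challenge for a second factor.
function shouldPromptMfa(event) {
  // Federated SSO users are exempt, as in the original Action.
  if (event.connection.name === SKIP_CONNECTION) return false;

  // Per-user switch: only an explicit boolean false disables MFA, so a
  // missing key or a string such as "false" still results in a prompt.
  const meta = event.user.user_metadata || {};
  if (meta[OPT_OUT_KEY] === false) return false;

  // event.authentication.methods lists what this session already completed;
  // an "mfa" entry means a repeated /authorize call needs no new prompt.
  const methods = (event.authentication && event.authentication.methods) || [];
  const mfaDone = Array.isArray(methods) && methods.some((m) => m.name === "mfa");
  return !mfaDone;
}

const onExecutePostLogin = async (event, api) => {
  if (shouldPromptMfa(event)) {
    api.multifactor.enable("any");
  }
};
// Actions load the handler from exports; the guard keeps this runnable elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event builder for local checks (not real tenant data).
function sampleEvent(connection, methodNames, metadata) {
  return {
    connection: { name: connection },
    user: { email: "user@example.com", user_metadata: metadata },
    authentication: {
      methods: methodNames.map((name) => ({ name, timestamp: "2024-01-01T00:00:00.000Z" })),
    },
  };
}
```

If the application lets users edit their own `user_metadata`, store the opt-out flag in `app_metadata` instead, so a user cannot switch off their own MFA.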
