MFA trusted devices Questions

lihua.zhang · April 14, 2023, 10:00pm

1. Does Auth0 have a notation of the trusted device? What is it? Does it collect that data during sign-in or also during installation of the App?

We don’t establish trust with devices for MFA, just Authenticator device enrollments but not the device with which you are signing in. See more explanation about this in the following answers. If you would like to have the feature to establish a trust relationship to define when and when not to prompt for MFA, please go to Auth0: Secure access for everyone. But not just anyone. to create feedback for our Product team to review.

2. Can Auth0 store trusted devices?

We don’t store trusted devices, However, you could find some workarounds by customizing the MFA prompt by rules. Customize Adaptive MFA with Rules

function (user, context, callback) {

  if (conditionIsMet()){
    context.multifactor = {
      allowRememberBrowser: false,
      provider: 'any'
    };
  }
  callback(null, user, context);
}

3. Does Auth0 have the functionality to pass back to UI if a user is signing in again using a trusted device (meaning we then won’t prompt for MFA)?
Not by device, but by browser:

We offer the possibility of remembering a browser from which is being done the sign-in so it won’t ask you for MFA prompt for 30 days unless the cookies from the browser are removed, for which it may ask you to login again.

4. In Auth0, how can a sign-in be flagged as suspicious and based on what that is either “decline” or “challenge login with MFA” even though the user is logging in on a trusted device?

Yes, we have a feature called adaptive MFA. With adaptive MFA enabled, based on different risk factors, it may prompt you for MFA. For instance, if the user is accessing from an IP which is considered suspicious, it will prompt you for MFA. You can read more about this in the following documentation: Adaptive MFA

You could also, customize Adaptive MFA using rules

5. Does Auth0 have a configuration setting for how often to prompt users on a trusted device (like every 60 days for example) or if it’s a trusted device never prompt again?

We offer the possibility of remembering a browser from which is being done the sign-in so it won’t ask you for MFA prompt for 30 days unless the cookies from the browser are removed, for which it may ask you to login again.

Topic		Replies	Views
Wanting an advice for device detection on general authentication flow Help auth0 , api , device	7	3578	April 17, 2021
MFA - Is it possible to turn off "Remember Device for 30 days"? Help	3	3629	November 23, 2022
Maintaining "Remember this Device" support with non-persistent sessions Feedback auth0	0	255	May 14, 2024
"Remember this device for 30 days" is not available during MFA enrollment Help mfa , mfa-prompt-new-experience	1	1261	October 18, 2024
Strategies to Prompt MFA at Customized Intervals Knowledge Articles actions , multifactor	1	703	December 7, 2023

MFA trusted devices Questions

Related Topics