MFA turn on off despite application - rules

Hello,
I know how to turnoff mfa in rules

if (user.identities[0].connection === ‘test1’) {
context.multifactor = {
provider: ‘none’
};
}

I know how to enable only duo mode

if (user.identities[0].connection === ‘test’) {
context.multifactor = {
provider: ‘duo’,
ikey: configuration.DUO_IKEY,
skey: configuration.DUO_SKEY,
host: configuration.DUO_HOST,
allowRememberBrowser: true
};
}

I don’t know how to enable for the one application guardian and google auth. , for the second application guardian, google auth and email., for third only guardian and email.

Best Regards

1 Like

Hi Team, if anything is unclear please write. I count on you :slight_smile: .

Hey there @mab!

I recommend moving over to Actions and using the API object, but even then only the following options are available:

Your post login Action might look something like:

exports.onExecutePostLogin = async (event, api) => {

  //enforce mfa for specific client_id(s)
  const mfaApp1 = "5sFZ3AuJ05fsdfQEauNhUfQjMfduVswiujzSqcfG";
  const mfaApp2 = "KnMtXwJypUghbc1IMKCDdLQKOXNqsdfsoLH2HXnQ";

   if (event.client.client_id === mfaApp1) {
    console.log(`enforcing any mfa for: ${event.client.client_id}`)
    api.multifactor.enable(`any`);
   } else if (event.client.client_id === mfaApp2) {
     console.log(`enforcing google authenticator for: ${event.client.client_id}`)
     api.multifactor.enable(`google-authenticator`)
   } else {
     console.log(`mfa not enforced for: ${event.client.client_id}`)
   }
};

Hope this helps at least give you an idea of what’s possible!

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.