We use a post-login script to activate MFA for specific users (after an email invite). The scenario for the issue we’re experiencing is as follows:
user has entered password after having clicked on a link in an invite email
user is then presented with MFA dialog, and selects “Authenticator”
user downloads Google or Microsoft Authenticator, then enters the verification code from the app into the Auth0 verification page
The problem is that (and this happens all the time following an email invite), the verification code is not accepted - It sometimes takes up to a third attempt to get this working. Sometimes it takes more. Could this behavior be related to a delay in the Auth0 back-end (we are testing with a non-production tenant and only enrolling the user post authentication).
Side note: Obviously this would be a show-stopper for us if this happens in production!
A common reason why this may not be working as expected is due to the device time setting not being in sync with the UTC time of the code, See Troubleshooting information here.
You may have already checked this. Do you see the same issue occur with different devices?