We’re building a custom UI to allow logged-in users to change their Auth0 MFA number, following this documentation: Manage Authentication Factors with Authentication API
We only have the phone number as the MFA option with either
Do we need to reset users’ existing MFA numbers before they’re allowed to enroll in another one?
What would be the endpoints that we’d need to call in order after obtaining the MFA token?
When using the MFA API, the procedure could be:
- User logs into their account, requesting the MFA API audience and scopes for enroll, read:authenticators, and remove:authenticators.
- User completes MFA using their existing enrolled authenticator (e.g. old phone number or via recovery code).
- With the MFA Access token available, and using the list authenticators endpoint, the existing SMS authenticator’s ID can be found: Authentication API Explorer
- Existing Authenticator is deleted using this endpoint: Authentication API Explorer
- Enrolment can now be carried out for a new SMS authenticator following the steps here: Enroll and Challenge SMS and Voice Authenticators
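The call order from the answer above, sketched in Python as an added example (not code from the thread or from Auth0). It uses the MFA API paths `/mfa/authenticators` and `/mfa/associate`; the function names, the tenant domain, the token and the in-memory fake tenant are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

def http_send(method, url, token, body=None):
    # Real transport: returns (status, parsed JSON or None).
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None

def replace_sms_authenticator(domain, token, new_phone, send=http_send):
    base = f"https://{domain}/mfa"
    status, found = send("GET", f"{base}/authenticators", token)
    if status != 200:
        raise RuntimeError(f"list authenticators failed: HTTP {status}")
    # Only confirmed SMS authenticators; recovery codes and other factors stay.
    old = [a["id"] for a in found if a.get("active")
           and a.get("authenticator_type") == "oob" and a.get("oob_channel") == "sms"]
    for auth_id in old:
        # IDs contain "|" (e.g. "sms|dev_..."); percent-encode them for the path.
        path = urllib.parse.quote(auth_id, safe="")
        status, _ = send("DELETE", f"{base}/authenticators/{path}", token)
        if not 200 <= status < 300:
            raise RuntimeError(f"delete {auth_id} failed: HTTP {status}")
    status, enrol = send("POST", f"{base}/associate", token, {
        "authenticator_types": ["oob"], "oob_channels": ["sms"],
        "phone_number": new_phone})
    if status != 200:
        raise RuntimeError(f"associate failed: HTTP {status}")
    # oob_code plus the code the user receives by SMS complete the enrolment.
    return {"deleted": old, "oob_code": enrol["oob_code"]}

def make_fake_tenant():
    # Constructed in-memory tenant (sample data, not real IDs); records calls.
    calls = []
    listing = [{"id": "sms|dev_OLD", "authenticator_type": "oob", "oob_channel": "sms", "active": True},
               {"id": "recovery-code|dev_RC", "authenticator_type": "recovery-code", "active": True}]
    replies = {"GET": (200, listing), "DELETE": (204, None),
               "POST": (200, {"oob_channel": "sms", "oob_code": "constructed-oob-code"})}
    def send(method, url, token, body=None):
        calls.append((method, url.split("/mfa", 1)[1]))
        return replies[method]
    return send, calls
```

Run this from a backend that holds the MFA access token; the returned `oob_code` is then used in the confirmation step described in the enrolment guide linked above.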