Prompt for MFA during specific actions / using MFA without login flow

In my application, if a user does something that might be of importance (ex: confirm their account deletion), I’d like to prompt for MFA.

From my Auth0 MFA research, it seems that I can only trigger MFA during a login flow. Is this correct?

I noticed there is the challenge API, but that requires the mfa_token, which seems to only be available during the login flow + rules processing.

1 Like