Provide MFA triggers in Actions

Product Feedback
, ,
1

Feature: Please provide MFA triggers in Actions

Description:

For the Actions, a generic MFA family of triggers could be very beneficial to simplify some workflows when working with enrollment.

The post login actions could be :

  • :fire: Post MFA Reset
    • After the MFA as been reset for the user - See the use case below for detailed possible usage
  • :+1: Post MFA Registration
    • After a new MFA service is added (otp, email, etc) - Could be used to send useful information to the user to warn them
  • :red_question_mark: Pre MFA Registration
  • :red_question_mark: Post MFA Enroll

The complete list of available triggers is as follow:

image
image1027Γ—976 56.8 KB

The event would contain the user object in its context, and of course the api wrapper.

Use-case:

I have been trying to implement a way to force a new MFA enrollment on next login after an MFA Reset, in a situation where it is not acceptable to force enroll all users (some did want to enroll).

The only feasable solution I have right now is to use the management API from my business backend application to add an user metadata to force the enrollment checking the presence in Post Login trigger, then removing it.

It means that it may require to do the MFA reset from our backend application, will require specific development for a feature that could be encapsulated completely in Auth0, and has the added risk of a different behaviour if the reset is done via user profile on Auth0 management screen (enrollment would have to manually triggered via email, or metadata added manually from there…).

In this situation I would find it very elegant if I had in my posession a Post MFA Reset trigger ; The trigger flow to handle my use case would be quite simple:

  • From the Post MFA Reset trigger :
    • Add a user app_metada : mfa_reset = true
  • From the Post Login trigger :
exports.onExecutePostLogin = async (event, api) => {
    if (!!event.user.app_metada['mfa_reset']) {
        api.multifactor.enable('any', { allowRememberBrowser: false });
    }
};

Original Community post before I reached out to Product Feedback:

User property multifactor_last_modified not found in Action event - Auth0 Community