Provide users MFA configuration autonomy

Feature: Self-Service Multi-Factor Authentication (MFA) Configuration Option on Login Page and Dedicated API Endpoint for Configuration URL Generation

Description: The significance of robust security, especially MFA, is accentuated by the rising trend in cyber threats. While users who enroll manually can readily set up MFA, the same isn’t true for accounts created programmatically via the API. Addressing this disparity is essential.

Here are the proposed solutions:

  1. Develop a dedicated MFA configuration page, offering a user experience akin to the typical login page.
  2. Introduce a dedicated API endpoint. When invoked, this endpoint would generate a unique “configure URL” for the respective user. The server can then retrieve this URL and forward it to the frontend. This not only facilitates the user in setting up their MFA but also makes it feasible to offer MFA configuration to users outside of the conventional login process.
  3. Embed an MFA setup option directly on the login page, similar to the functions of “reset password” or “forgot password.”

Use-case: Our application, recognizing the importance of streamlined user interactions, facilitates automated account creation via an API. Yet, this efficiency currently comes at the cost of direct MFA setup. Incorporating a dedicated API endpoint to retrieve a unique configuration URL for users addresses this gap. The benefits are manifold:

  1. User Autonomy: Users gain the ability to set up MFA at their discretion, augmenting their trust in the platform’s security measures.
  2. Enhanced Security: Making MFA setup more accessible and intuitive can lead to a higher adoption rate, bolstering overall account security.
  3. Seamless Experience: By combining swift user creation with effortless MFA configuration, the overall user experience is elevated.
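The "configure URL" in proposal 2 could work as sketched below. This is an added example, not Auth0's API and not code from the original post: a backend mints a signed, expiring, single-use ticket bound to one user, and the configuration page verifies it before starting MFA setup. The signing key, the `app.example.test` URL, the function names and the in-memory ticket store are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumptions for this sketch: key, URL and in-memory store are hypothetical.
SIGNING_KEY = secrets.token_bytes(32)   # in production: a managed, rotated secret
CONFIGURE_PAGE = "https://app.example.test/mfa/configure"
used_ticket_ids = set()                 # in production: shared store with expiry

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64e(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def create_configure_url(user_id, ttl=600, now=None):
    """Backend call: mint a short-lived, single-use URL bound to one user."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + ttl, "jti": secrets.token_urlsafe(16)}
    body = b64e(json.dumps(claims, separators=(",", ":")).encode())
    return f"{CONFIGURE_PAGE}?ticket={body}.{sign(body)}"

def redeem_ticket(ticket, now=None):
    """Configuration page: return the user id, or raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
    except ValueError:
        raise ValueError("malformed ticket") from None
    # Verify the MAC in constant time before parsing anything from the body.
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["jti"] in used_ticket_ids:
        raise ValueError("already used")
    used_ticket_ids.add(claims["jti"])   # burn the ticket on first use
    return claims["sub"]

if __name__ == "__main__":
    url = create_configure_url("user-123")   # constructed sample user id
    print(url)
    print(redeem_ticket(url.split("ticket=", 1)[1]))
```

Because the ticket travels in a URL, it can end up in logs and browser history, which is why the sketch keeps the lifetime short and rejects a second redemption.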

Hi @nosh,

Welcome to the Auth0 Community!

Thank you for the very detailed feature request!