Hi,
I have a really specific question for mobile. Does the auth0 platform have the capability to associate user crendentials and profile to a specific mobile device? So 1 user account is associated to 1 user device. So if third-party happens to learn about info regarding user’s account, they can’t login because it’s tied to the account owner’s device.
Is this even possible? I’m just curious.
Mohammad
Hi @mohammadz,
This sounds similar to MFA.
When your Auth0 tenant is configured to use MFA, users must register their device to prove who they are not only by what they know (username/password) but also by what they own (their phone).
Example user enrolled in MFA:
You might find this article helpful: Multi-factor Authentication Guide.
Thanks for the information.
So if I were to implement this, would there be information for me to use in the rules section for custom policy?
Like mobile specific information about the device, some id or other metadata.
Would this be possible? Just curious.
The user agent and IP is available in the context object, and you can see what multifactor provider the user is enrolled with using the user object, but I don’t believe an ID associated with multifactor is available from the rule.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
