Require MFA Only at Login

t.fukao · April 25, 2025, 12:35am

When MFA is enabled, I’m prompted to enter a one-time password every time I reload the browser.

Is it possible to require the one-time password only at the time of login?

I’m using Auth0 Vue SDK.
And the MFA is called within a Post Login Action as shown below.

exports.onExecutePostLogin = async (event, api) => {
    if (event.user.user_metadata.use_mfa == 1){
        api.multifactor.enable('guardian', { allowRememberBrowser: false });
    }
};

remus.ivan · April 25, 2025, 11:37pm

Hi @t.fukao,

Welcome back to the Auth0 Community!

The reason the user is prompted for MFA again is that Actions are executed during each login, which includes both standard login and silent authentication requests or Refresh Token exchanges.

To ensure that your Action does not run on subsequent logins, you can enforce your action code to check for:

A refresh token exchange

if(event.transaction.protocol === "oauth2-refresh-token"){
        return;
  }

A silent authentication

if(event.request.query.response_mode === 'web_message'){
       return;
 }

I hope this helps!
Best regards,
Remus

system · May 9, 2025, 11:38pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
MFA is always required Get Help mfa , one-time-password-otp-factor	3	118	November 6, 2024
MFA not required even though factor is enabled? Get Help mfa , mfa-prompt-classic-experience	9	34	April 1, 2025
What is the correct way to require MFA for ONLY auth0 connections? Get Help mfa , mfa-api	3	2588	January 11, 2023
Not able to refresh token if mfa is eanbled (Error: mfa_required) Get Help mfa , one-time-password-otp-factor	6	4326	April 7, 2023
Different UI for MFA Get Help mfa , one-time-password-otp-factor	0	165	June 13, 2024

Require MFA Only at Login

Related topics