Require Users to Re-Verify Email After Time Period

I have a client using Auth0 that would like their users to verify their email address on a regular basis. I’ve connected the application to the default User Database and the new user is sent an email to verify their email when they sign up or if they try to log in and are not already verified.

Is there a way to have that verification expire after 14 or 30 days? Could I set up a rule where a user’s email is changed to unverified automatically after that period and then they have to verify on next login?

Hi @srllaves ,

Welcome to the Auth0 Community!

I understand that you want to trigger user re-verification on a regular basis.

In the user profile, there are several date time variables: created_at, last_login, last_password_reset, and updated_at.

You can implement this via a rule to check the timestamp and, if it’s over the time limit, update the email_verified flag to false and trigger a new verification email using the Auth0 Management API.

Here are a few docs for your reference, hope this helps!

In the meantime, let’s see if other community members have suggestions for this topic.

1 Like
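
The check described in the reply above, as an added example that is not code from this thread or from Auth0: it decides whether a login needs re-verification and returns the two Management API v2 requests (`PATCH /api/v2/users/{id}` and `POST /api/v2/jobs/verification-email`) as data instead of sending them. It assumes the last verification time is kept in a hypothetical `app_metadata.email_verified_at` field, because `updated_at` also changes on unrelated profile updates; the function name and sample profiles are constructed for illustration.

```javascript
// ASSUMPTION: app_metadata.email_verified_at (ISO 8601) is a hypothetical field
// written whenever the user completes verification.
const DAY_MS = 24 * 60 * 60 * 1000;

function reverificationPlan(user, now, maxAgeDays) {
  // Already unverified: block, but do not queue another email on every attempt.
  if (!user.email_verified) {
    return { action: 'await_verification', requests: [] };
  }
  const stamp = (user.app_metadata || {}).email_verified_at;
  const verifiedAt = Date.parse(stamp);
  const ageMs = now.getTime() - verifiedAt;
  // Fail closed: a missing, unparseable or future timestamp counts as expired.
  const expired =
    Number.isNaN(verifiedAt) || ageMs < 0 || ageMs > maxAgeDays * DAY_MS;
  if (!expired) {
    return { action: 'allow', requests: [] };
  }
  // Management API v2 calls the rule would make, described as data.
  return {
    action: 'reverify',
    requests: [
      {
        method: 'PATCH',
        path: '/api/v2/users/' + encodeURIComponent(user.user_id),
        body: { email_verified: false },
      },
      {
        method: 'POST',
        path: '/api/v2/jobs/verification-email',
        body: { user_id: user.user_id },
      },
    ],
  };
}

// Constructed sample profiles (not real users).
const now = new Date('2024-03-01T00:00:00Z');
const fresh = { user_id: 'auth0|sample1', email_verified: true,
  app_metadata: { email_verified_at: '2024-02-20T00:00:00Z' } };
const stale = { user_id: 'auth0|sample2', email_verified: true,
  app_metadata: { email_verified_at: '2024-01-01T00:00:00Z' } };
const unknown = { user_id: 'auth0|sample3', email_verified: true };

for (const u of [fresh, stale, unknown]) {
  console.log(u.user_id, reverificationPlan(u, now, 30).action);
}
```
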

Another suggestion for securing user identity is using Auth0 MFA. This doc has the details.

1 Like

Thanks so much @lihua.zhang. I think what you’ve outlined would work for what they are requesting. However, I think for their purposes I’m going to recommend MFA and password expiration, which I saw is a built-in rule in the Auth0 platform. That would be more secure than sending emails out to users, especially if I’m not sure the email addresses are valid.

2 Likes

That sounds great! :clap: