Hi Auth0 community,
I’m implementing a required Multi-Factor Authentication (MFA) step using SMS to verify users immediately after sign-up. We want this to be a core part of our onboarding to ensure real user identity verification before platform entry.
We currently use a Progressive Profiling Action + Forms flow to collect crucial data before the user’s first full login:
- User’s phone number (stored in `user_metadata.phone.number` as E.164 string).
- Legal consent for application updates (stored in `user_metadata.consent_terms_and_conditions`).
Our core problem is leveraging this pre-collected phone number for the required SMS MFA enrollment. We are using Twilio as our SMS provider.
This is the guide I used to set up our profiling form: https://auth0.com/docs/customize/forms/configure-progressive-profile-form
After the custom form is submitted and the `user_metadata` is updated, I am trying to use a Post-Login Action to force MFA enrollment:
I am using `api.authentication.enrollWith({ type: "phone", ... })` to trigger the standard Auth0 SMS flow.
Is there a prescribed method to bridge the phone number collected in a custom form so that Twilio/SMS MFA can seamlessly use it for required enrollment? I’d like to achieve a unified, smooth user experience without requiring the user to type their number twice.
Any guidance on the correct Action API methods or flow configuration would be greatly appreciated.
Thanks!