Reset MFA for a user enrolled with Duo

Problem statement

When an Auth0 tenant administrator receives a request to reset MFA for a user who enrolled in Duo, the Auth0 dashboard doesn’t show information to reset that particular MFA enrollment.

This article explains the necessary process to reset MFA for users who have Duo MFA.

Solution

Duo is a third-party MFA provider. To reset MFA for a user who enrolled with Duo MFA requires logging in to the Duo Dashboard. On the Auth0 side, when a user enrolls with Duo MFA Auth0 creates a user record on Duo with the following format:

  1. Convert the Auth0 user id to Base-64 encoded format
  2. Convert the encoded hash to lowercase.

For example:
Auth0 user id: google-oauth2|107989355747066568537
Duo username: z29vz2xllw9hdxromnxyyw5kb20tc3ryaw5n

Resetting the MFA on the Duo dashboard will prompt the user to re-enroll for MFA during the next login.

1 Like