Reset MFA for a user enrolled with Duo

Problem statement

As a tenant administrator, I need to reset MFA for a user who enrolled with Duo factor. The Auth0 dashboard doesn’t show information to reset the MFA for users enrolled with Duo MFA. How to do it?

Solution

Duo is a third-party MFA provider. To reset MFA for a user who enrolled with Duo MFA, you need to do it on the Duo Dashboard. When a user enrolls with Duo MFA, Auth0 creates a user record on Duo with the following format.

  1. Convert the Auth0 user id to Base-64 encoded format
  2. Convert the encoded hash to lowercase.

For example:
Auth0 user id: google-oauth2|107989355747066500000
Duo username: z29vz2xllw9hdxromnxyyw5kb20tc3rxxxxx

Resetting the MFA on the Duo dashboard will prompt the user to re-enroll for MFA when they log in next time.