Restrict 2FA to email only

We’re using then new Universal Login and want to customize the 2FA experience for our customers. We only want to offer email 2FA but haven’t been able to achieve that either via the UI (because email cannot be enabled on its own) or via a rule with code like:
context.multifactor = {
provider: ‘email’,
allowRememberBrowser: false
};
The user is always offered both SMS and email. We also don’t want to show the user the recovery code option the first time they log in.

Hi @paul.smith,

Welcome to the Auth0 Community Forum!

According to this doc email mfa must be accompanied by another type of mfa.

https://auth0.com/docs/multifactor-authentication/factors/email.

It also explains why email is not offered as a standalone mfa.

Let me know if you have any questions.

Thanks,
Dan

Hi Dan, thanks for your reply. How about my 2nd question, is it possible to disable 2FA via recovery code? This seems to always be enabled

Hi @paul.smith,

There is no way to disable recovery code. If this is something you would like to see I suggest you submit it to our feedback page.

Thanks,
Dan

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.