Restrict to a specific OTP Authenticator App a user can use

Problem statement

When we enable One-time Password as an MFA option, can we further restrict users to only use specific One-time Password Apps? For example, would it be possible to only allow a user to enroll with Microsoft Authenticator?

Solution

Restricting authenticator apps is not supported. Auth0’s MFA implementation for OTP is based on RFC 6238. Third-party authenticator applications that are compliant with RFC 6238 can be used.