Problem statement
When we enable One-time Password as an MFA option, can we further restrict users to only use specific One-time Password Apps? For example, would it be possible to only allow a user to enroll with Microsoft Authenticator?
Solution
Restricting authenticator apps is not supported. Auth0’s MFA implementation for OTP is based on RFC 6238. Third-party authenticator applications that are compliant with RFC 6238 can be used.