Our app has the concept of a team which has team members (which are just Auth0 users). We control who is in a team by adding a teamId to the app_metadata of a user i.e.
{
  "teamId": "e61205e0-988c-4c30-89c9-0fc82aae9fe4"
}
In our settings panel, all team members are shown and this is done by the underlying API calling the Auth0 Management API (/api/v2/users) with a Lucene query of app_metadata.teamId=e61205e0-988c-4c30-89c9-0fc82aae9fe4.
This works great for listing users and populating a table with info about team members.
One problem that I am currently facing is that we want to show which MFA methods each team member uses (e.g. WEBAUTHN_ROAMING or TOTP). We are a security product and this information will be important to our users. But this info is not available as part of the normal user profile and requires a separate API call (/api/v2/users/{user_id}/enrollments). In the normal profile I can see a field called multifactor but that seems to just show guardian for the MFA methods we support and does no further breakdown of the type.
This means that for each team member, a separate API call will need to be done to retrieve MFA methods for each user, which puts us at risk of exceeding the Management API rate limits.
Does anyone know if it’s possible to get the MFA methods in bulk for a set of users? Or any other ideas really. It might be worth noting that we use Auth0 as the “single source of truth” for users and team memberships. There are some places where values are cached to avoid exceeding the rate limits but storing MFA methods somewhere else would be a second-prize for us.
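
An added example, not part of the original post and not Auth0's own code: the per-user /api/v2/users/{user_id}/enrollments fan-out described above, paced so a 429 or an exhausted window pauses the loop instead of failing it. The `get` transport, the `x-ratelimit-*` header names, the `status`/`auth_method` fields and the canned responses are assumptions constructed for illustration.

```python
import time
from urllib.parse import quote

def collect_mfa_methods(user_ids, get, now=time.time, sleep=time.sleep, max_retries=3):
    """Return {user_id: sorted confirmed MFA methods}, one enrollments call per user.

    get(path) is a hypothetical transport returning (status, headers, json_body).
    Header and field names below are assumptions about the Management API.
    """
    result = {}
    for uid in user_ids:
        # User ids such as "auth0|abc" contain "|" and must be percent-encoded.
        path = f"/api/v2/users/{quote(uid, safe='')}/enrollments"
        for attempt in range(max_retries + 1):
            status, headers, body = get(path)
            reset = float(headers.get("x-ratelimit-reset", 0))  # epoch seconds
            if status == 429 and attempt < max_retries:
                sleep(max(reset - now(), 1.0))  # wait for the window to reset
                continue
            if status != 200:
                raise RuntimeError(f"{path}: HTTP {status}")
            # Pending enrollments are not usable factors, so skip them.
            result[uid] = sorted({e["auth_method"] for e in body
                                  if e.get("status") == "confirmed"})
            if headers.get("x-ratelimit-remaining") == "0":
                sleep(max(reset - now(), 0.0))  # pause before the next user
            break
    return result

def demo():
    """Run against constructed responses; no network access."""
    canned = iter([
        (200, {"x-ratelimit-remaining": "1", "x-ratelimit-reset": "1000"},
         [{"status": "confirmed", "auth_method": "webauthn-roaming"},
          {"status": "pending", "auth_method": "sms"}]),
        (429, {"x-ratelimit-remaining": "0", "x-ratelimit-reset": "1005"}, {}),
        (200, {"x-ratelimit-remaining": "5", "x-ratelimit-reset": "1010"},
         [{"status": "confirmed", "auth_method": "authenticator"}]),
    ])
    calls, sleeps = [], []
    def get(path):
        calls.append(path)
        return next(canned)
    result = collect_mfa_methods(["auth0|alice", "auth0|bob"], get,
                                 now=lambda: 1000.0, sleep=sleeps.append)
    return result, sleeps, calls

if __name__ == "__main__":
    print(demo())
```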