Last Updated: Aug 16, 2024
Problem Statement
When multiple MFA factors are enabled, we need guidance on how to set the default factor that is shown when the user is first prompted for MFA.
Symptoms
- Multiple factors enabled
- One of them is always shown by default when the user is prompted for MFA
Steps to Reproduce
- Enable multiple factors that are considered to have different levels of security, such as email, SMS and OTP
- Trigger MFA and notice that one of them is always shown by default
Cause
The default factor is set by the level of security considered for each factor, and it can't be configured. Some factors are considered less risky than others, and those are set as the default factor when prompting, in this order: push > OTP > SMS.
Solution
The default factor cannot be changed. However, the enrollment page can be configured to show all of the enabled MFA factors for the user to choose from. For a visual demonstration of the steps, refer to this video.
- In the Additional Settings section, locate the Show Multi-factor Authentication options setting.
- Enable this toggle to allow users to select authentication factors upon enrollment.
- Disable this toggle to allow Auth0 to automatically select the most secure authentication factors upon enrollment.