Specify Specific MFA Factor

dfleming · May 5, 2023, 7:53pm

Given the code as a Login rule…

function multifactorAuthentication(user, context, callback) {
  if (context.clientID === configuration.WEB_SITE_APP_ID || 
     context.clientID === configuration.NATIVE_APP_ID) {
    context.multifactor = {
      provider: 'any',
      allowRememberBrowser: false
    };
  }

  callback(null, user, context);
}

Instead of provider: 'any' I’d like to specify specific factors e.g. ‘One Time Password’, ‘Email’, or ‘Recovery Code’ based on user.metadata. Is this possible?

This article indicated to me that any, guardian, google-authenticator, duo are the only options. Customize Multi-Factor Authentication Pages (auth0.com)

rueben.tiow · May 5, 2023, 11:28pm

Hi @dfleming,

Thanks for reaching out to the Auth0 Community!

Unfortunately, this is not possible. The only available MFA providers include any, guardian, google-authenticator, and duo as you have found.

With that, I recommend that you create a feedback request asking to support enforcing a specific MFA factor using Rules.

For now, one possible workaround would be to enable only one MFA factor for your current tenant with your App. Then if other factors are needed, you could use an alternative tenant.

Please let me know if you have any additional questions.

Thanks,
Rueben

system · May 19, 2023, 11:29pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.