Specify Specific MFA Factor

dfleming · May 5, 2023, 7:53pm

Given the code as a Login rule…

function multifactorAuthentication(user, context, callback) {
  if (context.clientID === configuration.WEB_SITE_APP_ID || 
     context.clientID === configuration.NATIVE_APP_ID) {
    context.multifactor = {
      provider: 'any',
      allowRememberBrowser: false
    };
  }

  callback(null, user, context);
}

Instead of provider: 'any' I’d like to specify specific factors e.g. ‘One Time Password’, ‘Email’, or ‘Recovery Code’ based on user.metadata. Is this possible?

This article indicated to me that any, guardian, google-authenticator, duo are the only options. Customize Multi-Factor Authentication Pages (auth0.com)

rueben.tiow · May 5, 2023, 11:28pm

Hi @dfleming,

Thanks for reaching out to the Auth0 Community!

Unfortunately, this is not possible. The only available MFA providers include any, guardian, google-authenticator, and duo as you have found.

With that, I recommend that you create a feedback request asking to support enforcing a specific MFA factor using Rules.

For now, one possible workaround would be to enable only one MFA factor for your current tenant with your App. Then if other factors are needed, you could use an alternative tenant.

Please let me know if you have any additional questions.

Thanks,
Rueben

Topic		Replies	Views
How do I force a specific MFA factor? Get Help mfa	2	2998	September 20, 2019
Restrict MFA factors by user Get Help mfa , email-factor	0	975	May 23, 2023
Different MFA Factor Options Per Organization Get Help mfa , organizations	7	3628	November 9, 2023
Enforce MFA with specific factors using Actions Get Help mfa , policies-configuration	7	3976	January 8, 2024
Multifactor with both SMS and One-Time Password (Google Auth) Get Help mfa , 2fa	4	4346	May 1, 2019

Specify Specific MFA Factor

Related topics