Switching between MFA's

Hi @sishwarya10 ,

I Apologize for the delay.

I discussed this topic with my team internally. Actually we can use the MFA API to enroll the user in the 2nd factor. For example, if the user is already enrolled in Google Authenticator, to enroll SMS factor, here are the details.

1.Pass the access token to enroll the SMS authenticator.

curl --request POST \
  --url '{YOUR_DOMAIN}/mfa/associate' \
  --header 'authorization: Bearer {ACCESS_TOKEN}' \
  --header 'content-type: application/json' \
  --data '{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+15551234567" }'

This request will return the oob_code like below:

{“authenticator_type”:“oob”,“binding_method”:“prompt”,“oob_channel”:“sms”,“oob_code”:“Fe26.282dcca00….MoJZ1Q3k”}

And on the phone, receive the 6 digits binding_code.

2.Confirm SMS enrollment with the access token and oob_code and binding_code.

curl --request POST \
  --url '{YOUR_DOMAIN}/oauth/token' \
  --header 'authorization: Bearer {ACCESS_TOKEN}' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=http://auth0.com/oauth/grant-type/mfa-oob' \
  --data 'mfa_token={ACCESS_TOKEN}'\
  --data 'client_id={YOUR_CLIENT_ID}' \
  --data ‘client_secret={YOUR_CLIENT_SECRET}’ \
  --data 'oob_code={OOB_CODE}' \
  --data 'binding_code={6_DIGIT_CODE}'

3.Verify on the user setting and login as the user, you will see both factors are added.

This article explains the details. Please let me know how it goes. Thank you!

BTW, we created this FAQ recently regarding how to enroll a user in multiple authentication factors using MFA API. It might be helpful to your use case.