Hi everyone,
I’m working on a user registration flow where I capture the user’s phone number and verify it during the signup process. I want to use the same verified phone number for Multi-Factor Authentication (MFA). Additionally, when users configure MFA in the Auth0 UI, the phone_number field should be pre-populated and set as read-only to avoid changes.
Questions:
- How can I ensure the verified phone number is automatically used for MFA during setup?
- Can the phone_number field be read-only in the MFA configuration UI?
- Are there any specific hooks or custom actions I need to implement to achieve this?
Thank you.
Hi @a■■■■osh.dessai,
Welcome to the Auth0 Community!
Whenever a user has configured MFA SMS, the phone number field will always be pre-filled with the user’s verified phone number. The user will be prompted to submit a code to proceed. This phone number cannot be changed unless there is an MFA reset.
Yes, it is a read-only field on the MFA SMS page. You can see in our Configure SMS and Voice Notifications for MFA documentation of screenshots justifying this behavior.
You can implement Passwordless SMS to capture the user’s phone number and verify it during the signup/login process.
If you decide to use a regular Database connection, you can capture the phone number by configuring additional signup fields on the Universal Login page. However, this does not provide any option to verify the phone number or preemptively prefill it on the MFA page. The user’s phone number will only be verified and prefilled after the user configures MFA SMS.
Let me know if you have any questions.
Thanks,
Rueben