Hi, I have got MFA setup with OTP and Email as options. “Require MFA” is set to “Never” and both “Show MFA options” and “Customize MFA using Actions” are active.
When a user has a verified email and, in an action, I challenge them like this:
api.authentication.challengeWith(
{ type: ‘email’ },
{ additionalFactors: [{type: ‘otp’}]
});
the “Try another method” link is not displayed because the user hasn’t enrolled with OTP. Is it possible to have the link showing even if the user hasn’t enrolled? I would like the list of possible options to be presented, and if the user picks OTP, then they are presented with the QR Code to enrol in OTP.
It looks like Auth0 checks whether a user has the possibility for other MFA methods before displaying the “Try another method” link.
Hi @simoesj, and thank you for your question!
Instead of specifying a default factor like 'email', using type: 'any' in your challenge instructs Auth0 to present the user with a list of all MFA methods allowed by your tenant settings (in your case, Email and OTP).
- If the user has no factors enrolled, they will be prompted to choose a method and complete the enrollment process.
- If the user has one or more factors enrolled, they will be prompted to choose from their available methods to authenticate.
Please let me know if this flow works for you!
Sincerely,
Teodor.
Hi Teodor,
thank you for your reply and suggestion. Unfortunately, this is not what I am after. I understand it is not possible to implement the scenario I described and had to choose a different (safer and more standard) implementation instead.
Thanks, have a great day
1 Like