Hi @s.kimura,
Welcome to the Auth0 Community!
The enable() method turns on the ability to use email as an MFA method. This should be enabled from the dashboard at Security > Multi-factor Auth. If you want to customize which MFA factor challenges the user, you must set Require Multi-factor Auth to Never, and turn off MFA Risk Assessors.
Save, and then, at Additional Settings, turn on Customize MFA factors using Actions
However, you’ll see that the dashboard doesn’t allow you to turn on email MFA alone.
As stated in the docs here, email MFA is not a “true” MFA method; therefore, it can’t be the only one turned on. It needs something like SMS or OTP turned on alongside it, which the method you used might’ve automatically turned on.
The challengeWith() function from the ManagementAPI will challenge the user using the email MFA method. You can read more about this from our docs.
exports.onExecutePostLogin = async (event, api) => {
api.authentication.challengeWith({type: 'email'});
}
However, to use it, you will still need to enable other methods of MFA, like SMS or OTP.
If you have any other questions, feel free to reach out.
Have a good one,
Vlad