Universal Login Page: Enroll with multiple MFA factors

Feature:

Allow users to enroll with multiple factors at the same time, e.g. TOTP and WebAuthn, when using Auth0’s Universal Login MFA pages (via custom enrollment tickets).

Description:

To build an interface to let users manage their own authentication factors, Auth0 customers can either build this interface themselves using various Auth0 management APIs (with known limitations as documented by Auth0) or they can create enrollment tickets to link users to Auth0’s Universal Login Page.

While the latter solution is simpler and preferable if the Universal Login Pages are already used, it currently only allows users to enroll with one factor.

If a user is already enrolled, the enrollment ticket link redirects to the following page instead:

Please allow users to be enrolled with multiple factors at the same time (similar to how Auth0 does it, see section below) which is especially useful in combination with WebAuthn, e.g. if users want to enroll with multiple devices (mobile phone and desktop device).

Use-case:

Auth0 customers want to offer an MFA dashboard to their users, e.g. as implemented by Auth0 at manage.auth0.com (user profile page):

Please note that on this Auth0 profile page, it’s already possible to enroll with multiple factors.

So, this feature already exists but doesn’t seem to be enabled or active for Auth0 customers (only for Auth0 themselves).

Hey there!

Thanks for creating this feedback card! Hope it gets some traction from other community users!

Isn’t there any movement towards enabling multiple MFA enrollments? This ticket is over a year old…

3 Likes

Indeed, it seems like the tech is already there, as Auth0 is using the enrollment ticket mechanism in their own profile page (the URL of the popup that opens points to an enrollment ticket). Auth0 should extend this functionality to their customers @rueben.tiow @dawid.matuszczyk

2 Likes

@konrad.sopala can this be achieved using actions?

For example, could a custom parameter be passed to the /authorize API to signal which factor to enroll, such as &mfa-enroll=otp or &mfa-enroll=phone?

Then the action would look for event.request.query['mfa-enroll'] === 'otp' in the action and execute:

api.authentication.enrollWith({ type: 'otp' })
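The idea in the post above, sketched as a post-login Action; this is an added example, not code from the thread or from Auth0. It assumes the `mfa-enroll` parameter name proposed in the post and that a login already satisfied by MFA reports an `mfa` entry in `event.authentication.methods`; `planMfaStep` and `ENROLLABLE` are hypothetical names.

```javascript
// Added example: decide whether a login may enroll the factor named in &mfa-enroll=...
// Assumption: the application sends this parameter on /authorize, as proposed above.

// Allowlist of factor types the parameter may select; anything else is ignored.
const ENROLLABLE = new Set(['otp', 'phone', 'webauthn-roaming', 'webauthn-platform']);

// Pure decision function so the policy can be unit-tested outside Auth0.
function planMfaStep(event) {
  const raw = event.request?.query?.['mfa-enroll'];
  // Query values are user-controlled and may be arrays or junk: accept one known string.
  if (typeof raw !== 'string' || !ENROLLABLE.has(raw)) return { step: 'none' };

  const enrolled = (event.user?.enrolledFactors ?? []).map((f) => f.type);
  if (enrolled.includes(raw)) return { step: 'none' }; // factor already enrolled

  const didMfa = (event.authentication?.methods ?? []).some((m) => m.name === 'mfa');
  // Adding a factor must be gated by an existing one; otherwise a stolen
  // password is enough to attach a new authenticator to the account.
  if (enrolled.length > 0 && !didMfa) {
    return { step: 'challenge', factors: enrolled.map((type) => ({ type })) };
  }
  return { step: 'enroll', type: raw };
}

async function onExecutePostLogin(event, api) {
  const plan = planMfaStep(event);
  if (plan.step === 'challenge') {
    api.authentication.challengeWithAny(plan.factors);
  } else if (plan.step === 'enroll') {
    api.authentication.enrollWith({ type: plan.type });
  }
}

// Export only where a CommonJS `exports` object exists (as in the Actions runtime).
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

With this policy, a user who already has a factor is challenged on the first request and enrolled on a later request that carries the parameter once the session shows MFA.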

@rueben.tiow @ale.vesga1 is there any update the Auth0 team can provide on this request?

Apologies for the direct mention, not sure how to bring attention to an old ticket.

That would be great.
I know we can enroll multiple MFA factors programmatically; however, providing this option directly in the Universal Login page would be great.
Even better (in my case) would be having something in the auth0-angular SDK to trigger the MFA enrollment workflow at any time.