Updating User MFA Details in Post-Login Action Before MFA Challenge

konrad.sopala · October 23, 2023, 7:39am

Problem statement

If a Post-Login Action is used to update a user’s MFA information (e.g. phone number for SMS), how will the user’s new phone number be used on the MFA challenge.

Example use-case:
A post-login Action will check with an external database to see if the user has entered their phone number correctly. If not the Action will update the user’s phone number.

Solution

Any changes made to the MFA data in a post-login Action will not be reflected in the ensuing MFA challenge. If a phone number is changed in an Action, the new number will not be used to send the SMS. Trying to change user/mfa data while the user is performing a login is not a recommended action to take.

Topic		Replies	Views
Change MFA Factors during post-login trigger Get Help mfa , mfa-api	2	25	March 11, 2025
PostLogin action runs before MFA challenge Get Help	2	1668	July 28, 2022
How to correctly enable SMS or email MFA in post-login trigger Get Help management-api , users	2	219	October 10, 2024
Post-login action and MFA Get Help mfa , mfa-prompt-new-experience	3	911	May 24, 2024
Custom UI to challenge MFA post login Get Help mfa , mfa-sms	2	4384	January 19, 2022

Updating User MFA Details in Post-Login Action Before MFA Challenge

Problem statement

Solution

Related topics