User is Requested to Enter Authentication Code Whenever Navigating in an Application

Problem Statement:

Every time users open an application, MFA is required even if they entered the MFA code only a few seconds ago.


Users are always required to use an additional factor to log in if the MFA is enabled and MFA policy is set to “Always” on the Auth0 tenant. This is the expected behavior.

If you are interested in having the user enter MFA once per session and navigate anywhere in your app, or if you want to configure step-up Authentication where users are prompted for MFA only on certain routes, here are the details:

Reference Materials: