We are enabling OTP via authenticator and email as MFA authenticators. Is there any way I can switch between these 2 authenticators based on the user preference? I’ve tried to save user_metadata and used it in Login action to switch between the MFA methods. However the google authenticator method appearing to be the default authenticator once a user logs in and the email method is only available if I click the Try new method button. My requirement is that the user needs to choose the Authenticator method and it should take preference or it should be the only option available to perform Multi-factor Auth. Is there any way to make the authentication method user specific?
Hi there,
Thank you for reaching out to us!
We are trying to reply and provide some information to older posts, in case others encounter the same situation and it could be helpful.
The easiest solution in this case would be to enable and configure the required authenticator methods and then Enable the " Show Multi-factor Authentication options " under the Additional Settings section. This is also outlined in the following Knowledge Article on MFA methods with first login.
Some different approaches, depending on the use case and applicability, would be:
- use metadata in order to challenge the user with a specific MFA method,
- challenge according to a specific Database;
- take advantage of roles for MFA challenges.
Hope this helped!
Gerald