Users Are Not Prompted to Use MFA after Enrolling a Factor

Last Updated: Aug 9, 2024

Overview

Multifactor Authentication (MFA) is not prompted even when multi-factor authentication is enrolled.

Applies To

  • Multifactor Authentication (MFA)
  • Factor enrollment

Cause

  • MFA is not Always enabled.
  • Users enabled the Remember me option.

Solution

MFA can be prompted in different ways. The first step for configuring MFA successfully is to define when users will be able to authenticate using an additional factor. This policy can be set to:

  • Never: Users are not required to use an additional factor to log in.
  • Use Adaptive MFA: Users are required to have an additional factor if the login appears to be a high risk.
  • Always: Users are always required to use an additional factor to log in.

If the policy is set to Always but MFA is not prompted after enrollment, it may be because the Remember me option has been selected. To prevent this, change the allowRememberBrowser value to false within a Post Login Action.

exports.onExecutePostLogin = async (event, api) => {  
  api.multifactor.enable('any', { allowRememberBrowser: false });
}

Related References