Hi,
We plan on registering users using a custom registration form, and creating them via the Management API.
We need to verify their email addresses which we will likely do via the built-in email support Auth0 offers. We also need to verify their phone numbers prior to allowing them to use the app.
This would be with a standard password-based authentication, NOT using the passwordless authentication method.
We would not want to require MFA for every login attempt, but the phone number should be added as an MFA method via SMS.
What’s the most efficient way of executing this, leveraging auth0 to handle sending the OTP via SMS, and verifying that it’s correct, during (or immediately after) account registration?
From what I see, the management API supports creating MFA methods but it automatically verifies them.
Can the New Universal Login be used to simplify the SMS-based MFA enrollment, and the first time the user logs in, it will handle the entire process?