What Updates a User's multifactor_last_modified Field

Problem statement

What is the difference between the multifactor_last_modified field and other fields like created_at in the mfa enrollments section of a user profile JSON? When is a user’s multifactor_last_modified field updated?

"multifactor_last_modified": "2022-10-28T18:03:00.808Z",
    "app_metadata": {
        "authorization": {
            "groups": [],
            "roles": [],
            "permissions": []
    "last_ip": "",
    "last_login": "2022-10-28T18:02:09.802Z",
    "logins_count": 11,
    "blocked_for": [],
    "guardian_authenticators": [
            "id": "sms|dev_XXXX",
            "type": "sms",
            "confirmed": true,
            "name": "XXXXXXXXXXXXX",
            "created_at": "2022-10-28T18:02:37.000Z",
            "last_auth_at": "2022-10-28T18:03:00.000Z"


  • There can be different time stamps for the multifactor_last_modified field and created_at for a user.
  • They may have an enrollment created_at a specific date, but then the field multifactor_last_modified for that user contains a date that is far older than the previous one, causing some confusion.

Steps to reproduce

  1. Create an MFA enrollment for a user
  2. Create another enrollment
  3. The multifactor_last_modified, will refer to the last enrollment in this case
  4. Remove an enrollment or reset MFA and the multifactor_last_modified will make reference to the last update to MFA settings.


The multifactor_last_modified field will show the last time there was a change related to the MFA settings for a user (create/delete enrollments or even reset MFA). The created_at field is the date an enrollment request started.