// It only makes sense to prompt for MFA when the user has at least one
// enrolled MFA factor.
const canPromptMfa =
event.user.multifactor && event.user.multifactor.length > 0;
if (canPromptMfa) {
api.multifactor.enable('any', { allowRememberBrowser: true });
}
Will canPromptMfa every be true of api.multifactor.enable has not been called?
Yes, calling api.multifactor.enable('any', { allowRememberBrowser: true}) will prompt the user to login with any of the MFA factors you have enabled and remember them for 30 days.
So I only enable and enroll MFA via an Action (not through the panel). Given that, I need to check first if they have enrolled with any MFA factors event.user.multifactor.length > 0 and if not, call enrollWith()? Just trying to understand how to call these methods.
I understand your approach of having users enroll in MFA once and then prompting them with the same factor if they’ve already enrolled.
However, you can simplify this by using api.multifactor.enable(), method which will automatically prompt users to enroll in MFA if they haven’t set it up yet.