// It only makes sense to prompt for MFA when the user has at least one
// enrolled MFA factor.
const canPromptMfa =
event.user.multifactor && event.user.multifactor.length > 0;
if (canPromptMfa) {
api.multifactor.enable('any', { allowRememberBrowser: true });
}
Will canPromptMfa every be true of api.multifactor.enable has not been called?
Hi @emurphy,
Yes, it would always be true if the user has registered with at least one MFA factor previously.
I have tested it and can confirm it works.
Let me know if you have any further questions.
Thanks,
Rueben
Will .enable enroll them? Or I also need to call enrollWith()? What does .enable do?
Hi @emurphy,
Thanks for the reply.
Yes, calling api.multifactor.enable('any', { allowRememberBrowser: true}) will prompt the user to login with any of the MFA factors you have enabled and remember them for 30 days.
Cheers,
Rueben
So I only enable and enroll MFA via an Action (not through the panel). Given that, I need to check first if they have enrolled with any MFA factors event.user.multifactor.length > 0 and if not, call enrollWith()? Just trying to understand how to call these methods.
Hi @emurphy,
I understand your approach of having users enroll in MFA once and then prompting them with the same factor if they’ve already enrolled.
However, you can simplify this by using api.multifactor.enable(), method which will automatically prompt users to enroll in MFA if they haven’t set it up yet.
Thanks,
Rueben