auth0 multi-factor-authentication

Enabling Multi-factor Authentication (MFA) for a specific application in Auth0 dashboard


I have multiple node.js applications on my Auth0 dashboard, and I'm trying to implement Multi-factor Authentication (MFA) for only one of them. However, in the Auth0 dashboard, I can only find the option to enable MFA for all applications.

Is there a way to enable MFA for a specific application without affecting others? I want to have MFA active only for a particular app on my Auth0 dashboard. Any guidance or steps on achieving this would be greatly appreciated.

Additionally, I have attached a screenshot of the message displayed by Auth0 when attempting to activate the MFA option.



Solution

  • Yes. You can achieve this by using Actions. Follow these steps.

    1. Go to Actions -> Library -> Click on "Create Action Button" -> Select "Build from scratch"
    2. Give a name to the action. The trigger should be selected as "Login / Post Login". Then click on the Create button.
    3. Remove all the code in the script. Then paste this code.
    /**
    * Handler that will be called during the execution of a PostLogin flow.
    *
    * @param {Event} event - Details about the user and the context in which they are logging in.
    * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
    */
    exports.onExecutePostLogin = async (event, api) => {
      if (event.client.client_id === '<Application_Client_ID>') {
        api.multifactor.enable("any", { allowRememberBrowser: false });
      } else {
        api.multifactor.enable("none");
      }
    };
    

    The event.client.client_id line allows you to read the application client ID. You can enable MFA for specific applications through that. Using else, you can disable MFA for other applications.

    After the configuration, click on the Deploy button.

    1. After that, go to Actions -> Flows -> Click on "Login" card
    2. Then on the right side click on the custom tab.
    3. Drag your deployed script and drop it between the start and completed labels.
    4. Click on the Apply button

    Note

    You need to change your MFA settings like the ones below to get a better experience and a bug-free environment.

    1. Go to Security -> Multi-factor Auth.
    2. Follow the same as the screenshots


    Auth0 Docs

    Let me know if you need any further assistance.

    Further Notes


    Error -: BadRequestError: invalid_request (No confirmed authenticators for the enabled factors)

    Possible fix -:

    Go to Authentication -> Authentication Profile -> Select Identifier + Password.

    If the error persists, go to Branding -> Universal Login -> Advanced Options -> Click on the Login tab -> Turn off the custom login page.

    If the error is still there, go to Dashboard > Security > Multi-factor Auth and enable the Email toggle. (It is not always the email. It should be your preferred option. From the OP's perspective, it was the Guardian option.)
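
The Action from the answer above, generalized to several applications and paired with a mock harness so the per-application decision can be checked before deploying. This is an added example, not part of the original answer or Auth0's own code; the client IDs are placeholders, and `mfaDecision` and `simulateLogin` are hypothetical helper names.

```javascript
// Added example: the client IDs below are constructed placeholders, not real values.
const MFA_CLIENT_IDS = new Set([
  "<Application_Client_ID_A>",
  "<Application_Client_ID_B>",
]);

// Hypothetical helper: choose the api.multifactor.enable() arguments for one login.
function mfaDecision(event) {
  const clientId = event && event.client && event.client.client_id;
  if (typeof clientId === "string" && MFA_CLIENT_IDS.has(clientId)) {
    return { provider: "any", options: { allowRememberBrowser: false } };
  }
  // Same behaviour as the answer's else branch: no MFA for every other application.
  return { provider: "none", options: undefined };
}

const onExecutePostLogin = async (event, api) => {
  const { provider, options } = mfaDecision(event);
  if (options) {
    api.multifactor.enable(provider, options);
  } else {
    api.multifactor.enable(provider);
  }
};

// Auth0 loads the handler from exports; the guard lets this file also run as a plain script.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Hypothetical local harness: a mock `api` that records what the Action requested.
function simulateLogin(clientId) {
  const calls = [];
  const api = {
    multifactor: { enable: (provider, options) => calls.push({ provider, options }) },
  };
  // The handler contains no await, so the call is recorded before its promise settles.
  onExecutePostLogin({ client: { client_id: clientId } }, api);
  return calls;
}

for (const id of ["<Application_Client_ID_A>", "<Some_Other_Client_ID>"]) {
  console.log(id, "->", simulateLogin(id)[0].provider);
}
```

When pasting into the Auth0 editor, only `MFA_CLIENT_IDS`, `mfaDecision` and the exported handler are needed; the harness is for local checks.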