I have multiple node.js applications on my Auth0 dashboard, and I'm trying to implement Multi-factor Authentication (MFA) for only one of them. However, in the Auth0 dashboard, I can only find the option to enable MFA for all applications.
Is there a way to enable MFA for a specific application without affecting others? I want to have MFA active only for a particular app on my Auth0 dashboard. Any guidance or steps on achieving this would be greatly appreciated.
Additionally, I have attached a screenshot of the message displayed by Auth0 when attempting to activate the MFA option.
Yes. You can achieve this by using Actions
. Follow those steps.
Actions -> Library -> Click on "Create Action Button" -> Select "Build from scratch"
/**
* Handler that will be called during the execution of a PostLogin flow.
*
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
if (event.client.client_id === '<Application_Client_ID>') {
api.multifactor.enable("any", { allowRememberBrowser: false });
} else {
api.multifactor.enable("none");
}
};
event.client.client_id
line allowed you to read the application client ID. You can enable MFAs for specific applications through that. Using else
you can disable MFA for other applications.
After the configuration click on the deploy button.
Actions -> Flows -> Click on "Login" card
You need to change your MFA setting like the one below to get a better experience and bugs bugs-free environment
Security -> Multi-factor Auth.
Auth0 Docs
Let me know if you need any further assist
Further Notes
Error -: BadRequestError: invalid_request (No confirmed authenticators for the enabled factors)
Possible fix -:
Go to Authentication -> authentication Profile -> Select Identifier + Password
.
If the error further persists, go to Branding -> Universal Login -> Advance Options -> Click on Login tab -> Turn off custom login page
If the error still there, go to Dashboard > Security > Multi-factor Auth and enable the Email toggle (It is not always the email. It should be your preferred option. OP's perspective it was the Guardian option)