Force-enable MFA per-user on hosted login page
-
Enforcing the tenant MFA policy requires all users to set up MFA on their next login. This works well, except I only want to require it for certain users. I haven't found any flag in the user account that would require the user to enable MFA on their next login. Does such a thing exist, or is there any workaround for this?
-
Some options available
- Building your own MFA page: You can build your own MFA page which would call the APIs directly. When a user logs in, you can check to see if they have any `twoFactor` methods available and if they don't, you can send them to this page. Source
- Step up authentication: You can add step up authentication to your application. Each time the user accesses a sensitive part of an application, you can require a step up, which will force them to provide an additional factor. Source
- API call for specific users: You can make an API call in your application after the user has logged in to force MFA for only certain users. Source
Remember, these workarounds do not directly set a flag for a user to enable MFA on their next login, but they provide ways to enforce MFA for users under certain conditions.
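
A sketch of the first option's post-login check, added here as an example and not part of the original answer or the product's own code. The `twoFactor` field is the one named above; the `methods` array under it, the `groups` field, the group names and the paths are assumptions for illustration.

```javascript
// Hypothetical policy: only members of these groups must enrol in MFA.
const REQUIRE_MFA_GROUPS = new Set(["admins", "finance"]);
// Hypothetical path of the custom MFA enrolment page.
const MFA_SETUP_PATH = "/account/mfa-setup";

// Constructed sample user records, shaped as the app might receive them after login.
const SAMPLE_USERS = {
  adminNoMfa: { id: "u1", groups: ["admins"] },
  adminWithMfa: { id: "u2", groups: ["admins"], twoFactor: { methods: [{ method: "authenticator" }] } },
  regular: { id: "u3", groups: ["staff"], twoFactor: { methods: [] } },
};

function mfaRequired(user) {
  return (user.groups || []).some((g) => REQUIRE_MFA_GROUPS.has(g));
}

// A missing twoFactor object, a missing methods list and an empty list all count as "not enrolled".
function hasEnrolledMethod(user) {
  const methods = user.twoFactor && user.twoFactor.methods;
  return Array.isArray(methods) && methods.length > 0;
}

// Accept only same-site absolute paths so the "next" value cannot become an open redirect.
function safeLocalPath(p) {
  return typeof p === "string" && /^\/(?![\/\\])/.test(p) ? p : "/";
}

// Returns the path the browser should be sent to for this request.
// Call it on every authenticated request, not only right after login,
// so a user who navigates away from the setup page is sent back to it.
function gate(user, requestedPath) {
  if (!user || typeof user !== "object") {
    return "/login"; // fail closed when the user record could not be loaded
  }
  const target = safeLocalPath(requestedPath);
  if (mfaRequired(user) && !hasEnrolledMethod(user)) {
    if (target === MFA_SETUP_PATH) {
      return target; // already on the enrolment page
    }
    return MFA_SETUP_PATH + "?next=" + encodeURIComponent(target);
  }
  return target;
}
```
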
-
@alex-patterson I read that section in the documentation. Was just hoping there was a simple way to require a user to set up MFA on login.