Automatic MFA Re-Enrollment After Recovery Code Login
Overview
This article clarifies whether it is possible to automatically trigger the re-enrollment of Time-based One-Time Password (TOTP) factors for Multifactor Authentication (MFA) when a user logs in using a recovery code.
Applies To
- Auth0
- Multifactor Authentication (MFA)
Solution
- This flow is not supported. Removing an MFA factor without the user explicitly requesting its removal is not recommended.
- Instead, let users remove and add MFA factors themselves by creating a custom interface for the application that uses the MFA API to add and remove MFA enrollments. For more information about the MFA API, see: Auth0 MFA API
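
A sketch of the backend call sequence such a custom interface could make, as an added example (not Auth0's own code). It assumes the tenant's MFA API endpoints `/mfa/authenticators` and `/mfa/associate`, and an access token issued for the MFA API audience with the `read:authenticators`, `remove:authenticators` and `enroll` scopes; the function names, the `user_confirmed` flag, and the fake tenant with its IDs are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import quote


def http_send(method, url, token, body=None):
    """Default transport: one JSON request to the tenant with a bearer token."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None  # DELETE answers with no body


def reenroll_totp(domain, token, user_confirmed, send=http_send):
    """Swap the user's TOTP factor, but only on the user's explicit request."""
    if not user_confirmed:
        # Never drop a factor the user did not ask to remove.
        raise PermissionError("TOTP removal was not confirmed by the user")
    base = f"https://{domain}/mfa"
    removed = []
    for auth in send("GET", f"{base}/authenticators", token) or []:
        if auth.get("authenticator_type") == "otp":
            send("DELETE", f"{base}/authenticators/{quote(auth['id'], safe='')}", token)
            removed.append(auth["id"])
    new = send("POST", f"{base}/associate", token, {"authenticator_types": ["otp"]})
    # barcode_uri is what the UI renders as a QR code for the authenticator app.
    return {"removed": removed, "barcode_uri": new["barcode_uri"]}


def make_fake_tenant(calls):
    """Constructed stand-in for the tenant so the flow can be run offline."""
    def send(method, url, token, body=None):
        calls.append((method, url))
        if method == "GET":
            return [
                {"id": "totp|dev_EXAMPLE", "authenticator_type": "otp", "active": True},
                {"id": "recovery-code|dev_EXAMPLE", "authenticator_type": "recovery-code", "active": True},
            ]
        if method == "POST":
            return {"authenticator_type": "otp", "barcode_uri": "otpauth://totp/constructed"}
        return None
    return send
```

The recovery-code authenticator is left in place; only the TOTP factor the user asked to replace is deleted before the new enrollment is started.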