Executing an Action After a User Successfully Completes an Auth0 MFA Challenge

ActionsMulti-factor Authentication

Last Updated:

Overview

This article explains how an Action can be executed after a user has successfully completed a Multi-Factor Authentication (MFA) challenge.

Applies To

  • Auth0
  • Actions
  • Multi-Factor Authentication (MFA) Challenge

Solution

Auth0 provides multiple methods to enable MFA to give developers flexibility:

  • For Simplicity (Dashboard Toggle): A simple, no-code way to enforce MFA across the board.
  • For Basic Custom Logic (api.multifactor.enable()): Triggers the default MFA policy based on simple, contextual rules (such as an IP address) within an Action.
  • For Advanced Custom Logic (api.authentication.challengeWith...()): Builds complex, step-up authentication flows and runs custom code after a user successfully completes the MFA challenge.

 

When configuring MFA, select the method that aligns with the required behavior of the pipeline:

Options That Stop Action Execution

The first two options do not permit executing Actions after a successful MFA challenge.

  • Enable MFA directly from the dashboard.
  • Start MFA from an Action using the api.multifactor.enable API to trigger the default MFA policy based on simple, contextual rules (such as an IP address).

 

Options That Resume Action Execution

The third option allows executing custom code after completing the MFA challenge. For example, if a tenant has three Actions, with the second Action calling the api.authentication.challengeWithAny Application Programming Interface (API), the flow continues from the third Action upon completion of MFA. This allows the execution of further custom code after the MFA step completes.

Start MFA from an Action using the following APIs to pause and resume the Actions pipeline:

  • api.authentication.enrollWith: Forces the user to enroll one specific new factor.
  • api.authentication.enrollWithAny: Lets the user choose which new factor to enroll from a list.
  • api.authentication.challengeWith: Challenges the user with one specific factor that is already enrolled.
  • api.authentication.challengeWithAny: Lets the user choose which enrolled factor to use for a challenge.

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community