This article explains why a specific Multi-factor Authentication (MFA) factor is automatically presented as the default when multiple factors are enabled. This guide provides the steps to allow users to select their preferred authentication factor during enrollment.

• Multi-factor Authentication (MFA)

The default MFA factor presented to a user is determined by an internal security hierarchy and is not configurable. The system automatically selects the factor it considers most secure as the default.

While the default factor cannot be changed, an administrator can configure the enrollment policy to display all enabled MFA options, allowing the user to choose their preferred factor. For a visual demonstration of the steps, refer to this video:



In the Auth0 dashboard, navigate to:

1. Security
2. Multi-Factor Auth
3. Scroll down to "Additional Settings"
4. Enable this toggle to allow users to select authentication factors upon enrollment, or disable this toggle to allow Auth0 to automatically select the most secure authentication factors upon enrollment