During a Multi-Factor Authentication (MFA) One-Time Password (OTP) login, Auth0 generates both gd_auth_failed and gd_auth_succeed log events simultaneously. This occurs because Auth0 Universal Login (UL) verifies the provided OTP code against all the user's existing OTP enrollments, resulting in failure logs for unmatched enrollments and a success log for the matched enrollment. The behavior functions by design, and no further action is required.

• Auth0
• Multi-Factor Authentication (MFA)
• One-Time Password (OTP)
• Universal Login (UL)
• Logs

When using universal login, Auth0 verifies the OTP code against all OTP enrollments associated with the user. OTP enrollments lack user-friendly identifiers, such as a phone number, email address, or device name. Consequently, the user cannot select a specific enrollment to verify. Auth0 checks the code against every enrollment, generating a gd_auth_failed log for each incorrect or incomplete enrollment and a gd_auth_succeed log for the correct enrollment.

Why do both failed and successful log events appear during an OTP login in Auth0?

This behavior functions by design. Auth0 evaluates the submitted OTP against all available enrollments to ensure successful authentication without requiring the user to manually identify the specific OTP device. Navigate to the log monitoring section and search for the specific user to verify the successful authentication alongside the failed attempts.

1. Go to Monitoring and choose Logs.
2. Search for the user and locate the gd_auth_succeed event alongside the gd_auth_failed events.