Enable Adaptive MFA
Before you start
Configure and enable a Database or Active Directory connection.
Configure and enable at least one MFA factor.
Use Adaptive MFA to trigger MFA when Auth0 determines that an attempted login is risky and to record risk assessments for all login transactions in your tenant logs.
Enable Adaptive MFA
You can enable Adaptive MFA in the Auth0 Dashboard or with the Auth0 Management API.
1. Go to Dashboard > Security > Multi-factor Auth.
2. In the Factors section, enable and configure at least one MFA Factor. To learn more, read Multi-Factor Authentication Factors.
3. In the Define policies section, locate Require Multi-factor Auth, and then select Use Adaptive MFA. Risk assessment will automatically be enabled and recorded in your tenant logs.
4. Click Save.
1. Get a Management API access token with the update:mfa_policies scope.
2. Call the Management API Set the multi-factor authentication policies endpoint with the appropriate payload.
Enable Adaptive MFA Risk Assessment
If you aren't ready to enable Adaptive MFA, but want to start training it to analyze login behavior, you can enable Adaptive MFA Risk Assessment independently.
Locate the Define policies section.
In MFA Risk Assessors, select Enable Adaptive MFA Risk Assessment.
Select Save.
Customize Adaptive MFA
You can customize the behavior of Adaptive MFA to provide the best experience for your users while ensuring security. To learn more, read Customize Adaptive MFA.
Actions that trigger MFA take precedence over default Adaptive MFA behavior.
Limitations
Assessment information in tenant logs is only available for interactive flows. Auth0 does not support recording assessment information for Resource Owner Password Grant (ROPG) flows without adaptive MFA enabled. For more information about authentication flow limitations, read Adaptive MFA.