Associate a New Authenticator for Use with Multifactor Authentication
Auth0 allows you to configure your tenant so that your end users can self-associate a new authenticator for use in multifactor authentication.
In this tutorial, you'll learn how to configure self-association of a new authenticator for use in multifactor authentication. Configuring Auth0 for such process requires the following steps:
- Obtaining an MFA token
- Requesting authenticator association
- Using the authenticator to confirm association
Let's say that you have enabled multifactor authentication for your tenant, and you are capable of supporting more than one type of authenticator. You can then configure your authorization process so that users who log in and do not have at least one active authenticator (other than a recovery code) can self-associate a new authenticator.
Before you begin the process of configuring self-association of authenticators, you'll need to:
- Configure Your Tenant (including setting the Default Audience and/or Default Directory)
- Register Your API
- Set the grant type property of the Non Interactive Client created with your API
- Create Your Connection
When logging in, your users can self-associate the following types of authenticators:
- Authenticators using one-time passwords as the MFA challenge
- Authenticators using SMS messages as the MFA challenge
You can manually trigger MFA challenges for associated authenticators.