Authorization Code Flow
MFA - Duo
Duo is a multi-faceted provider and can only be used on your Auth0 tenant if all other factors are disabled.
How it works
Your Duo account can be configured to support push notifications, SMS, OTP, phone callback, and more. See the Duo documentation for more details on Duo setup.
When enabling Duo in the Dashboard, you will need to click on the Duo factor and fill in a few settings fields in order to link your Duo account to Auth0.
How to implement it
Duo does not provide an option for "Remember Me" behavior, so a 30-day MFA session is hard-coded to remember a logged-in user and not prompt them every time they log in. If you wish to force end-users to log in with Duo every time, you may implement this functionality by creating a rule with
allowRememberBrowser: false instead.
End user experience
The user will see a prompt for the second factor with Duo, listing the options you have enabled in your Duo account.