Google Authenticator for Developers

This page covers using Google Authenticator instead of Auth0 Guardian. Google Authenticator can also be used with Guardian (your users choose which to use) when Push Notifications is enabled. See the Auth0 Guardian documentation for more information on Guardian.

Enabling Google Authenticator for MFA

To turn on Google Authenticator for two-step verification, first visit the Multifactor Auth page from the dashboard. Then click on the link to use a different provider.

Then you can use the slider to turn on Google Authenticator.

Customize Google Authenticator

Once you have turned on Google Authenticator, the portal displays a code editing textbox containing the following code snippet for you to use:

function (user, context, callback) {

  // placeholder: list the client IDs that should require MFA
  var CLIENTS_WITH_MFA = ['{YOUR_CLIENT_ID}'];

  // run only for the specified clients
  if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) {
    // uncomment the following if clause in case you want to request a second factor only from users that have user_metadata.use_mfa === true
    // if (user.user_metadata && user.user_metadata.use_mfa){
      context.multifactor = {
        provider: 'google-authenticator',
        // issuer: 'Label on Google Authenticator App', // optional
        // key: '{YOUR_KEY_HERE}', //  optional, the key to use for TOTP. by default one is generated for you

        // optional, defaults to true. Set to false to force Google Authenticator every time.
        // See for details
        allowRememberBrowser: false
      };
    // }
  }

  callback(null, user, context);
}

When you have finished editing the code snippet based on the requirements of your app, click Save.

Screen customization

At this time Google Authenticator does not allow any customizations to the look and feel of the Google Authenticator screens. For other customization options see Auth0 Guardian.

Configuring Google Authenticator for Select Users

You may choose to enable Google Authenticator only for select users. Within the Customize MFA code snippet, you can include the conditions under which Google Authenticator is enabled.

For example, suppose you want to omit MFA for all users signing in from the domain.

function (user, context, callback) {

    // request a second factor unless the login came through the connection compared here
    if (context.connection !== ''){
        context.multifactor = {
            provider: 'google-authenticator' //required
        };
    }

    callback(null, user, context);
}

Once you have finished making your desired changes, click SAVE so that they persist.
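
Conditions like the ones above decide who is asked for a second factor, so it helps to check them against a table of logins before saving the rule. The following is an added example, not Auth0's code: the client ID, the connection names and the helpers `requestsMfa` and `mismatches` are hypothetical, and the rule is called directly with constructed `user` and `context` objects.

```javascript
// Constructed values for illustration; replace with your own tenant's names.
const CLIENTS_WITH_MFA = ['client-with-mfa'];   // hypothetical client ID
const EXEMPT_CONNECTION = 'exempt-connection';  // hypothetical connection name

// Rule in the shape this page shows: MFA for listed clients, except one connection.
function mfaRule(user, context, callback) {
  const clientInScope = CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1;
  if (clientInScope && context.connection !== EXEMPT_CONNECTION) {
    context.multifactor = {
      provider: 'google-authenticator',
      allowRememberBrowser: false // ask for the code on every login
    };
  }
  callback(null, user, context);
}

// Run a rule for one simulated login; true if it requested the second factor.
function requestsMfa(rule, login) {
  const context = { clientID: login.clientID, connection: login.connection };
  let outcome = null;
  rule({ user_metadata: {} }, context, (err, _user, ctx) => {
    if (err) throw err;
    outcome = Boolean(ctx.multifactor) &&
      ctx.multifactor.provider === 'google-authenticator';
  });
  if (outcome === null) throw new Error('rule never invoked callback');
  return outcome;
}

// Decision table (constructed): each row is a login and the decision expected for it.
const CASES = [
  { name: 'listed client', clientID: 'client-with-mfa', connection: 'db-users', expectMfa: true },
  { name: 'exempt connection', clientID: 'client-with-mfa', connection: 'exempt-connection', expectMfa: false },
  { name: 'unlisted client', clientID: 'other-client', connection: 'db-users', expectMfa: false },
  // The comparison is an exact string match, so a differently cased name is not exempt.
  { name: 'case variant', clientID: 'client-with-mfa', connection: 'Exempt-Connection', expectMfa: true },
  // A login with no connection value must still be challenged, not silently skipped.
  { name: 'missing connection', clientID: 'client-with-mfa', connection: undefined, expectMfa: true }
];

// Names of the rows where the rule's decision differs from the expectation.
function mismatches(rule, cases) {
  return cases.filter((c) => requestsMfa(rule, c) !== c.expectMfa).map((c) => c.name);
}

console.log('rows that disagree with the table:', mismatches(mfaRule, CASES));
```

An empty list means the rule agrees with the table; any name it returns is a login whose MFA decision would differ from what you intended.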