Enable Adaptive MFA
Use Adaptive MFA to trigger MFA when Auth0 determines that an attempted login is risky and to record tenant log events for all login transactions. You can also enable just the assessment without triggering MFA to analyze the potential impact of MFA in your login flow.
You can write rules to trigger MFA only when a login is high-risk (low confidence score) using your own definition of overall confidence measured by a series of confidence assessors.
Requires a database connection or an Active Directory connection.
Requires at least one MFA factor to be enabled and configured for your tenant.
Use the Dashboard
In the Factors section, enable and configure at least one MFA Factor. To learn more, read Multi-Factor Authentication Factors. Use push, SMS, email, one-time password, or a combination of different methods to enable MFA across all users and applications.
In the Define policies section, for Require Multi-factor Auth, select Use Adaptive MFA. Risk assessment will also be enabled and recorded in your tenant logs. You can also implement your own custom MFA policies using rules.
Use the Management API
To configure Adaptive MFA using the Management API, include the
confidence-score payload in the /api/v2/guardian/policies endpoint as in the following example:
curl -H "Authorization: Bearer <token>" -X PUT -H "Content-Type: application/json" -d '["confidence-score"]' https://hostname.auth0.com/api/v2/guardian/policies
Was this helpful?
To disable the policy, send an empty array
 in the payload as in the following example:
curl -H "Authorization: Bearer <token>" -X PUT -H "Content-Type: application/json" -d '' https://hostname.us.auth0.com/api/v2/guardian/policies
Was this helpful?
Assessment information in tenant logs is only available for interactive flows. Auth0 does not support recording assessment information for Resource Owner Password Grant (ROPG) flows without adaptive MFA enabled. For more information about authentication flow limitations, read Adaptive MFA: Auth0 Feature Support.