Enable Multi-Factor Authentication

You can enable multi-factor authentication (MFA) for your tenant in the Auth0 Dashboard.

When you enable MFA, select the factors (such as push notifications or phone messages) you intend to make available to users and define a policy to determine when you require them to authenticate.

Auth0 supports a variety of factors you can enable for your users to complete authentication.

You must enable and configure at least one independent factor to require MFA for users on your tenant. You may enable multiple independent factors simultaneously as you’d like.

Available independent factors are:

• WebAuthn with FIDO Security Keys

• One-time Password (OTP)

• Push Notification using Auth0 Guardian

• Phone Message

• Cisco Duo Security

You may enable one or more dependent factors once you’ve already enabled and configured at least one independent factor for users on your tenant.

Available dependent factors are:

• WebAuthn with FIDO Biometrics

• Email

• Recovery Code

1. Go to Dashboard > Security > Multi-factor Auth.

   

2. In the Factors section, enable and configure the factors you’d like to make available to users.

3. In the Define policies section, select a policy to determine when users will be prompted for MFA.

   1. Never: MFA is not required for any logins.

   2. Use Adaptive MFA: MFA is required based on Auth0 risk determination. To learn more, read Enable Adaptive MFA.

   3. Always: MFA is required for all logins.

4. If you choose the Never or Always policy, the MFA Risk Assessors section appears. By default, the Enable Adaptive MFA Risk Assessment setting is disabled. Enable the toggle to assess and record risk for all login transactions in your tenant logs.

5. In the Additional Settings section, locate the Show Multi-factor Authentication options setting.

   

   Enable this toggle to allow users to select authentication factors upon enrollment.

   

   Disable this toggle to allow Auth0 to automatically select the most secure authentication factors upon enrollment.

6. Click Save.

You can use Auth0 Actions to customize the MFA flow for users on your tenant. For example, you can create an Action to require MFA in specific circumstances, or to force a particular factor to be used.

To learn more, read Customize Adaptive MFA.

• Configure Push Notifications for MFA
• Configure OTP Notifications for MFA
• Configure SMS and Voice Notifications for MFA
• Configure Email Notifications for MFA
• Configure Cisco Duo Security for MFA
• Customize Multi-Factor Authentication Pages