Require MFA once per session
What does it do?
This rule can be used to avoid prompting a user for multifactor authentication if they have successfully completed MFA in their current session.
This is particularly useful when performing silent authentication (
prompt=none) to renew short-lived access tokens in a SPA (Single Page Application) during the duration of a user's session without having to rely on setting
How do I use it?
Just create a new rule in the Auth0 dashboard, and copy the following code replacing the placeholders with the appropriate values.
What is Rule-Based Authentication?
Rules can be used to enrich and transform the user profile, deny access to specific users under certain conditions, retrieve information from external services and much more. For more information about rules, please check the documentation