Enable Adaptive MFA

Use Adaptive MFA to trigger MFA when Auth0 determines that an attempted login is risky and to record tenant log events for all login transactions. You can also enable just the assessment without triggering MFA to analyze the potential impact of MFA in your login flow.

You can write rules to trigger MFA only when a login is high-risk (low confidence score) using your own definition of overall confidence measured by a series of confidence assessors.
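The following rule is an added example, not code from this page or from Auth0: it steps up to MFA only when a login falls below a locally defined confidence policy built from individual assessors. The `context.riskAssessment` and `context.multifactor` fields and the assessor names follow Auth0's Rules documentation and are assumptions relative to this page; the thresholds and the fail-closed handling of a missing assessment are constructed policy choices.

```javascript
// Added example, not Auth0's code. context.riskAssessment and context.multifactor
// follow Auth0's Rules documentation; they are assumptions relative to this page.
const RANK = { low: 0, medium: 1, high: 2 }; // 'neutral' has no rank: no signal

// Local policy (constructed): step up when an assessor is at or below its threshold.
const THRESHOLDS = { ImpossibleTravel: 'medium', UntrustedIP: 'low', NewDevice: 'low' };

function decideMfa(riskAssessment) {
  // No assessment attached (for example a non-interactive flow): fail closed.
  if (!riskAssessment || !riskAssessment.assessments) {
    return { require: true, reason: 'no-assessment' };
  }
  if (riskAssessment.confidence === 'low') {
    return { require: true, reason: 'overall-low' };
  }
  for (const [name, threshold] of Object.entries(THRESHOLDS)) {
    const assessor = riskAssessment.assessments[name];
    const rank = assessor ? RANK[assessor.confidence] : undefined;
    if (rank !== undefined && rank <= RANK[threshold]) {
      return { require: true, reason: name + '-' + assessor.confidence };
    }
  }
  return { require: false, reason: 'within-policy' };
}

// Rule entry point in the (user, context, callback) shape Auth0 Rules use.
function adaptiveMfaRule(user, context, callback) {
  const decision = decideMfa(context.riskAssessment);
  if (decision.require) {
    // Prompt with any factor enabled on the tenant and do not remember the browser.
    context.multifactor = { provider: 'any', allowRememberBrowser: false };
  }
  return callback(null, user, context);
}
```

Returning the reason from `decideMfa` keeps the policy testable outside the tenant and gives you a value to log when tuning thresholds.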

Prerequisites

  • Requires a database connection or an Active Directory connection.

  • Requires at least one MFA factor to be enabled and configured for your tenant.

Use the Dashboard

  1. Go to Dashboard > Security > Multi-factor Auth.

  2. In the Factors section, enable and configure at least one MFA Factor. To learn more, read Multi-Factor Authentication Factors. Use push, SMS, email, one-time password, or a combination of different methods to enable MFA across all users and applications.

  3. In the Define policies section, for Require Multi-factor Auth, select Use Adaptive MFA. Risk assessment will also be enabled and recorded in your tenant logs. You can also implement your own custom MFA policies using rules.

  4. Click Save.

Use the Management API

To configure Adaptive MFA using the Management API, send a PUT request with the confidence-score payload to the /api/v2/guardian/policies endpoint, as in the following example:

curl -H "Authorization: Bearer <token>" -X PUT -H "Content-Type: application/json" \
  -d '["confidence-score"]' https://hostname.auth0.com/api/v2/guardian/policies

To disable the policy, send an empty array [] in the payload, as in the following example:

curl -H "Authorization: Bearer <token>" -X PUT -H "Content-Type: application/json" \
  -d '[]' https://hostname.us.auth0.com/api/v2/guardian/policies

Limitation

Assessment information in tenant logs is only available for interactive flows. Auth0 does not support recording assessment information for Resource Owner Password Grant (ROPG) flows without Adaptive MFA enabled. For more information about authentication flow limitations, read Adaptive MFA: Auth0 Feature Support.
