Add Multi-Factor Authentication for Auth0 Dashboard Access
Each Auth0 Dashboard user should self-enroll in multi-factor authentication (MFA). You can enroll in most factors in Your Profile. Device biometrics, however, require progressive enrollment.
Add MFA
To self-enroll for MFA, each Dashboard user must follow these steps:
Click on your username in the top right corner of the Dashboard and click Your Profile.
Find the supported method you want and click + ADD in that row.
Follow the on-screen instructions to complete the enrollment.
Device biometrics
WebAuthn with device biometrics is the only method that you can't add on the Account Settings page. Instead, Auth0 progressively enrolls all of your WebAuthn-capable devices. Auth0 prompts you to enroll those devices after you enroll any other MFA method. These prompts recur each time you log in to Auth0 Dashboard.
As part of the enrollment, Auth0 prompts you to name your devices. This makes it easy to manage them from the Account Settings page.
Browsers with Javascript disabled or without WebAuthn platform authenticator support can't enroll or authenticate with device biometrics. The latest versions of popular browsers and operating systems provide support for WebAuthn with Security Keys. To learn more, read the browser support section on webauthn.me.
Recovery codes
Immediately after successfully enabling two-factor authentication, Auth0 prompts you to copy a recovery code. If you lose access to all your enrolled factors, you can use this recovery code to log in to your account. Auth0 recommends copying and printing recovery codes or storing them in a safe place, such as a password manager.
If you lose the recovery codes or just want to generate new ones, you can do so from Your Profile.
Log in to the Dashboard with MFA enabled
Logging in with MFA enabled is only slightly different than a normal login. When you enter admin account credentials, a second prompt appears, depending on which type of MFA factors you’ve enabled.
If a user loses access to a primary factor, they can click on Select Another Method and try with any of the other factors, including recovery codes. This is why it's so important to enroll in multiple methods to prevent being locked out of your account.
After you successfully add your second authentication factor and you log in from a new device that supports WebAuthn, you see a prompt to "Log in Faster on this Device." This lets you use that device for multi-factor authentication the next time.