Enable Adaptive MFA

Use Adaptive MFA to trigger MFA when Auth0 determines that an attempted login is risky and to record risk assessments for all login transactions in your tenant logs.

You can enable Adaptive MFA in the Auth0 Dashboard or with the Auth0 Management API.

DashboardManagement API

1. Go to Dashboard > Security > Multi-factor Auth.

2. In the Factors section, enable and configure at least one MFA Factor. To learn more, read Multi-Factor Authentication Factors.

3. In the Define policies section, locate Require Multi-factor Auth, and then select Use Adaptive MFA. Risk assessment will automatically be enabled and recorded in your tenant logs.

4. Click Save.

If you are using the Identifier First Authentication factor email, you must update email attributes in Dashboard > Database Connections > Authentication Methods. On the Email Configuration tab, ensure the email attribute is active. Then, set Allow Signup to Required and enable Require email on user profile.

If you aren't ready to enable Adaptive MFA, but want to start training it to analyze login behavior, you can enable Adaptive MFA Risk Assessment independently.

1. Go to Dashboard > Security > Multi-factor Auth.

2. Locate the Define policies section.

3. In MFA Risk Assessors, select Enable Adaptive MFA Risk Assessment.

4. Select Save.

You can customize the behavior of Adaptive MFA to provide the best experience for your users while ensuring security. To learn more, read Customize Adaptive MFA.

Assessment information in tenant logs is only available for interactive flows. Auth0 does not support recording assessment information for Resource Owner Password Grant (ROPG) flows without adaptive MFA enabled. For more information about authentication flow limitations, read Adaptive MFA.

• Customize Adaptive MFA
• Adaptive MFA Log Events
• Multi-Factor Authentication Factors