Enable Adaptive MFA

Before you start

  • Subscribe to an Enterprise Plan with the Adaptive MFA addon. Refer to Auth0 Pricing for details.

  • Configure and enable a Database or Active Directory connection.

  • Configure and enable at least one MFA factor.

Use Adaptive MFA to trigger MFA when Auth0 determines that an attempted login is risky and to record risk assessments for all login transactions in your tenant logs.

Enable Adaptive MFA

You can enable Adaptive MFA in the Auth0 Dashboard or with the Auth0 Management API.

1. Go to Dashboard > Security > Multi-factor Auth.

Auth0 Dashboard Security Multi-factor Auth Adaptive MFA Policy

2. In the Factors section, enable and configure at least one MFA Factor. To learn more, read Multi-Factor Authentication Factors.

3. In the Define policies section, locate Require Multi-factor Auth, and then select Use Adaptive MFA. Risk assessment will automatically be enabled and recorded in your tenant logs.

4. Click Save.

Enable Adaptive MFA Risk Assessment

If you aren't ready to enable Adaptive MFA, but want to start training it to analyze login behavior, you can enable Adaptive MFA Risk Assessment independently.

  1. Go to Dashboard > Security > Multi-factor Auth.

  2. Locate the Define policies section.

  3. In MFA Risk Assessors, select Enable Adaptive MFA Risk Assessment.

  4. Select Save.

Customize Adaptive MFA

You can customize the behavior of Adaptive MFA to provide the best experience for your users while ensuring security. To learn more, read Customize Adaptive MFA.

Limitations

Assessment information in tenant logs is only available for interactive flows. Auth0 does not support recording assessment information for Resource Owner Password Grant (ROPG) flows without adaptive MFA enabled. For more information about authentication flow limitations, read Adaptive MFA.

Learn more