auth0-mfa

작성자: auth0

MFA, 2FA, TOTP, SMS 코드, 푸시 알림, 패스키를 추가하거나 민감한 작업 또는 규정 준수를 위해 단계별 인증이 필요할 때 사용합니다.

npx skills add https://github.com/auth0/agent-skills --skill auth0-mfa
ZIP 다운로드GitHub
33

Auth0 MFA Guide

Add Multi-Factor Authentication to protect user accounts and require additional verification for sensitive operations.

Overview

What is MFA?

Multi-Factor Authentication (MFA) requires users to provide two or more verification factors to access their accounts. Auth0 supports multiple MFA factors and enables step-up authentication for sensitive operations.

When to Use This Skill

  • Adding MFA to protect user accounts
  • Requiring additional verification for sensitive actions (payments, settings changes)
  • Implementing adaptive/risk-based authentication
  • Meeting compliance requirements (PCI-DSS, SOC2, HIPAA)

MFA Factors Supported

FactorTypeDescription
TOTPSomething you haveTime-based one-time passwords (Google Authenticator, Authy)
SMSSomething you haveOne-time codes via text message
EmailSomething you haveOne-time codes via email
PushSomething you havePush notifications via Auth0 Guardian app
WebAuthnSomething you have/areSecurity keys, biometrics, passkeys
VoiceSomething you haveOne-time codes via phone call
Recovery CodeBackupOne-time use recovery codes

Key Concepts

ConceptDescription
acr_valuesRequest MFA during authentication
amr claimAuthentication Methods Reference - indicates how user authenticated
Step-up authRequire MFA for specific actions after initial login
Adaptive MFAConditionally require MFA based on risk signals

Step 1: Enable MFA in Tenant

Via Auth0 Dashboard

  1. Go to Security → Multi-factor Auth
  2. Enable desired factors (TOTP, SMS, etc.)
  3. Configure Policies:
    • Always - Require MFA for all logins
    • Adaptive - Risk-based MFA
    • Never - Disable MFA (use step-up instead)

Via Auth0 CLI

# View current MFA configuration
auth0 api get "guardian/factors"

# Enable TOTP (One-time Password)
auth0 api put "guardian/factors/otp" --data '{"enabled": true}'

# Enable SMS
auth0 api put "guardian/factors/sms" --data '{"enabled": true}'

# Enable Push notifications
auth0 api put "guardian/factors/push-notification" --data '{"enabled": true}'

# Enable WebAuthn (Roaming - Security Keys)
auth0 api put "guardian/factors/webauthn-roaming" --data '{"enabled": true}'

# Enable WebAuthn (Platform - Biometrics)
auth0 api put "guardian/factors/webauthn-platform" --data '{"enabled": true}'

# Enable Email
auth0 api put "guardian/factors/email" --data '{"enabled": true}'

Configure MFA Policy

# Set MFA policy: "all-applications" or "confidence-score"
auth0 api patch "guardian/policies" --data '["all-applications"]'

Step 2: Implement Step-Up Authentication

Step-up auth requires MFA for sensitive operations without requiring it for every login.

The acr_values Parameter

Request MFA by including acr_values in your authorization request:

acr_values=http://schemas.openid.net/pape/policies/2007/06/multi-factor

Implementation Pattern

The general pattern for all frameworks:

  1. Check if user has already completed MFA (inspect amr claim)
  2. If not, request MFA via acr_values parameter
  3. Proceed with sensitive action once MFA is verified

For complete framework-specific examples, see Examples Guide:

  • React (basic and custom hook)
  • Next.js (App Router)
  • Vue.js
  • Angular

Additional Resources

This skill is split into multiple files for better organization:

Step-Up Examples

Complete code examples for all frameworks:

  • React (basic and custom hook patterns)
  • Next.js (App Router with API routes)
  • Vue.js (composition API)
  • Angular (services and components)

Backend Validation

Learn how to validate MFA status on your backend:

  • Node.js / Express JWT validation
  • Python / Flask validation
  • Middleware examples

Advanced Topics

Advanced MFA implementation patterns:

  • Adaptive MFA with Auth0 Actions
  • Conditional MFA based on risk signals
  • MFA Enrollment API

Reference Guide

Common patterns and troubleshooting:

  • Remember MFA for 30 days
  • MFA for high-value transactions
  • MFA status display
  • Error handling
  • AMR claim values
  • Testing strategies
  • Security considerations

Related Skills

  • auth0-quickstart - Basic Auth0 setup
  • auth0-passkeys - WebAuthn/passkey implementation
  • auth0-actions - Custom authentication logic

References

auth0의 다른 스킬

acul-screen-generator
auth0
완전한 브랜드 적용 Auth0 Advanced Custom Universal Login (ACUL) 화면 구현을 React 또는 Vanilla JS SDK를 사용하여 생성합니다. 개발자가 요청할 때 사용하세요.
official
auth0-android
auth0
Android 애플리케이션(Kotlin/Java)에 Web Auth, 생체 인증 보호 자격 증명 및 MFA를 사용하여 인증을 추가할 때 사용합니다 - 통합…
official
auth0-angular
auth0
Angular 애플리케이션에 라우트 가드 및 HTTP 인터셉터를 사용하여 인증을 추가할 때 사용하며, SPA를 위해 @auth0/auth0-angular SDK를 통합합니다.
official
auth0-aspnetcore-api
auth0
ASP.NET Core Web API 엔드포인트를 JWT Bearer 토큰 검증, 범위/권한 확인 또는 무상태 인증으로 보호할 때 사용합니다 - 통합…
official
auth0-cli
auth0
Auth0 CLI 명령어 참조 — 앱, API, 사용자, 역할, 조직, 액션, 로그, 사용자 정의 도메인, 유니버설 로그인, 테라폼, 원시 API 모드, --json…
official
auth0-expo
auth0
Expo(React Native) 모바일 앱에 인증(로그인, 로그아웃, 사용자 세션, 보호된 라우트, 생체 인증, 토큰 관리)을 추가할 때 사용합니다. 통합…
official
auth0-express
auth0
Express.js 웹 애플리케이션에 인증(로그인, 로그아웃, 보호된 라우트)을 추가할 때 사용 - 세션 기반 인증을 위해 express-openid-connect를 통합합니다.
official
auth0-fastapi-api
auth0
FastAPI API 엔드포인트를 JWT Bearer 토큰 검증, 범위/권한 확인 또는 무상태 인증으로 보호할 때 사용 - REST를 위해 auth0-fastapi-api 통합…
official