MFA setup after initial decline
I see in the docs that when mfa is set to optional, a user should be prompted to enroll mfa at sign-in. This appears to work when the account is created but what if the user declines at sign-in and then decides later to enroll? Is there a way to send them back through the auth flow and have it re-prompt for mfa enrollment? Each time a user signs in after creating the account and declining mfa, it just signs them in after the password is entered. There's no prompt for mfa. I'm just using the OAuth flow, no SDKs.
Thanks!
4 Replies
Currently, the only way for users to set up MFA is via the sign-up flow. You can set up MFA for the user via their user details page in your Kinde account.
I will let the team know about your request for this functionality.
Thanks, Andre. Enrolling MFA in the signup flow works for me but I'm curious as to how the user is prompted for this after they've initially declined? In other words, once a user has signed up and declined mfa in the signup flow, they're never prompted for it at sign-in. How do I tell Kinde to re-prompt them when they sign in? I'm looking for a way to do this through an API as I'll need to put the feature in my app. I see where mfa details can be reset (which I assume would do what I'm asking) but it looks like this is done via the web interface? Is there a way to do this through an API?
Unfortunately, the ability to reset MFA isn't yet available via the API, but I agree we should make it available and will nudge the team on this.
Thank you for clarifying and passing it along. I'd really appreciate it if this were a feature. Unfortunately, not having this means that I'll need to manually answer tickets (and come up with an out-of-band validation strategy) for MFA reset requests. Being able to do this on a self-serve basis via the api in my app would truly make Kinde the complete package. Thanks again!