From 5a0115f854ee7a36f37029a3ca119d9d2141df35 Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Tue, 9 Dec 2025 12:47:48 -0500 Subject: [PATCH 1/7] Update to clarify Actions examples --- .../adaptive-mfa/customize-adaptive-mfa.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx index 4bd8d3edb..89368554e 100644 --- a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx +++ b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx @@ -615,7 +615,11 @@ Auth0 provides two Action templates based on Adaptive MFA for you to customize: ### Adaptive MFA template -This template provides an example and starting point for how to build a custom business flow using individual risk assessments. +This template provides an example and starting point for how to build a custom business flow using individual risk assessments. The `[api.multifactor.enable]`(/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-multifactor) Action handles both enrollment and issues configured MFA challenges at the end of the login flow. + + +The following example uses `api.multifactor.enable` to trigger MFA challenges. To use `email` notifications, you must also have another independent factor such as push notifications or phone messages. To learn more, read [Configure Email Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-email-notifications-for-mfa). + ```javascript lines expandable /** From ae61eb7e041cb33ff4500b14621a062ab5ba3215 Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Tue, 9 Dec 2025 12:56:32 -0500 Subject: [PATCH 2/7] link fix --- .../adaptive-mfa/customize-adaptive-mfa.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx index 89368554e..51b5291f8 100644 --- a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx +++ b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx @@ -615,7 +615,7 @@ Auth0 provides two Action templates based on Adaptive MFA for you to customize: ### Adaptive MFA template -This template provides an example and starting point for how to build a custom business flow using individual risk assessments. The `[api.multifactor.enable]`(/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-multifactor) Action handles both enrollment and issues configured MFA challenges at the end of the login flow. +This template provides an example and starting point for how to build a custom business flow using individual risk assessments. The [`api.multifactor.enable`](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-multifactor) Action handles both enrollment and issues configured MFA challenges at the end of the login flow. The following example uses `api.multifactor.enable` to trigger MFA challenges. To use `email` notifications, you must also have another independent factor such as push notifications or phone messages. To learn more, read [Configure Email Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-email-notifications-for-mfa). From 8e958a5bb8ba77a140a923677374bf8ae96d3f8b Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Wed, 10 Dec 2025 10:39:42 -0500 Subject: [PATCH 3/7] Clarification on enroll vs challenge --- ...ound-scim-for-azure-ad-saml-connections.mdx | 10 +--------- .../connection-switching.mdx | 9 +++++---- .../adaptive-mfa/customize-adaptive-mfa.mdx | 18 ++++++++++++++++-- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/main/docs/authenticate/protocols/scim/inbound-scim-for-azure-ad-saml-connections.mdx b/main/docs/authenticate/protocols/scim/inbound-scim-for-azure-ad-saml-connections.mdx index 248489ded..30e117452 100644 --- a/main/docs/authenticate/protocols/scim/inbound-scim-for-azure-ad-saml-connections.mdx +++ b/main/docs/authenticate/protocols/scim/inbound-scim-for-azure-ad-saml-connections.mdx @@ -34,10 +34,6 @@ This section describes how to configure a non-gallery enterprise application in ``` - - - - With this: ```json lines @@ -48,10 +44,6 @@ With this: ``` - - - - 6. Review other **Additional Mappings** to ensure the extended SCIM attributes are mapped to your preferred Auth0 attributes. See [attribute mapping](/docs/authenticate/protocols/scim/configure-inbound-scim#attribute-mapping) for details. 7. Choose **Save Changes**. @@ -66,7 +58,7 @@ Configuring SCIM in an Azure AD tenant requires a SCIM endpoint URL and token fr ### Configure SCIM in Azure AD for SAML Apps -1. If the SAML application is not already registered, register a custom **non-gallery enterprise application** in an Azure AD tenant by [following the instructions here](https://community.auth0.com/t/setting-up-azure-ad-as-saml-enterprise-connection/87829). +1. If the SAML application is not already registered, register a custom **non-gallery enterprise application** in an Azure AD tenant by [following the instructions here](https://support.auth0.com/center/s/article/Configure-IdP-Initiated-SAML-Login-with-Azure-as-the-IdP). 2. Go to the **Manage > Properties** tab and confirm that **Assignment Required** is set to **Yes**. 3. Go to the **Manage > Users and Groups** tab and assign the Azure AD users you want to provision. When you assign a group, the users from that group are provisioned. 4. Select the **Manage > Provisioning** tab, select **Get started**, and choose **Automatic** as the **Provisioning Mode.** diff --git a/main/docs/customize/login-pages/universal-login/customize-signup-and-login-prompts/connection-switching.mdx b/main/docs/customize/login-pages/universal-login/customize-signup-and-login-prompts/connection-switching.mdx index c868f5e6d..588fd1be0 100644 --- a/main/docs/customize/login-pages/universal-login/customize-signup-and-login-prompts/connection-switching.mdx +++ b/main/docs/customize/login-pages/universal-login/customize-signup-and-login-prompts/connection-switching.mdx @@ -284,17 +284,18 @@ You can configure the `login-password` prompt using the [Set partials for a prom ```bash cURL curl --request PUT \ - --url 'https://{yourDomain}/api/v2/prompts/login-password/partials' \ + --url 'https://{yourDomain}/api/v2/prompts/login-passwordless/partials' \ --header 'authorization: Bearer {mgmtApiToken}' \ --header 'content-type: application/json' \ - --data '{"login-password":{"form-footer-start":"
"}}' + --data '{"login-passwordless-email-code":{"form-footer-start":" Use Password Instead "}}' + ``` ```csharp C# -var client = new RestClient("https://{yourDomain}/api/v2/prompts/login-password/partials"); +var client = new RestClient("https://{yourDomain}/api/v2/prompts/login-passwordless/partials"); var request = new RestRequest(Method.PUT); request.AddHeader("authorization", "Bearer {mgmtApiToken}"); request.AddHeader("content-type", "application/json"); -request.AddParameter("application/json", "{"login-password":{"form-footer-start":"
"}}", ParameterType.RequestBody); +request.AddParameter("application/json", "{"login-passwordless-email-code":{"form-footer-start":" Use Password Instead "}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```go Go diff --git a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx index 51b5291f8..6ee39919f 100644 --- a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx +++ b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx @@ -615,10 +615,13 @@ Auth0 provides two Action templates based on Adaptive MFA for you to customize: ### Adaptive MFA template -This template provides an example and starting point for how to build a custom business flow using individual risk assessments. The [`api.multifactor.enable`](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-multifactor) Action handles both enrollment and issues configured MFA challenges at the end of the login flow. +This template provides an example and starting point for how to build a custom business flow using individual risk assessments. In this example, we use: + +* The [`api.multifactor.enable`](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-multifactor) Action trigger to handle both enrollment and issues configured MFA challenges at the end of the login flow. +* The [`event.user.multifactor`](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-event-object) Actions trigger with the user's enrolled factors. -The following example uses `api.multifactor.enable` to trigger MFA challenges. To use `email` notifications, you must also have another independent factor such as push notifications or phone messages. To learn more, read [Configure Email Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-email-notifications-for-mfa). +Since `email` notifications are not an independent factor, the condition `const canPromptMfa = event.user.multifactor && event.user.multifactor.length > 0;` will return `false` if the user only has `email` as a factor. To learn more, read [Configure Email Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-email-notifications-for-mfa). ```javascript lines expandable @@ -664,6 +667,17 @@ exports.onExecutePostLogin = async (event, api) => { }; ``` +To prompt users, replace the `api.multifactor.enable` with `api.authentication.challengeWithAny()` to force an MFA challenge with an existing factor the user has already enrolled. To review supported factors with Actions, read about the [factors parameter](https://auth0.com/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-authentication-challengewithany-factors). For example: + +``` javascript + // It only makes sense to prompt for MFA when the user has at least one + // enrolled MFA factor. + const canPromptMfa = event.user.enrolledFactors && event.user.enrolledFactors.length >0; + + if (shouldPromptMfa && canPromptMfa) { + api.authentication.challengeWithAny([ {type: "email"}, {type:"phone"} ]); +} +``` From 34679e2fe63fa1ec4e8470808a0afcbec32af65f Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Wed, 10 Dec 2025 11:33:13 -0500 Subject: [PATCH 4/7] Redirect for main SDKs but pending review of other docs --- main/docs.json | 24 +++++++++++++++++++ .../adaptive-mfa/customize-adaptive-mfa.mdx | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/main/docs.json b/main/docs.json index bc4d4eef8..f772f3e56 100644 --- a/main/docs.json +++ b/main/docs.json @@ -7410,6 +7410,30 @@ ] }, "redirects": [ + { + "source": "/docs/libraries/auth0-angular-spa", + "destination": "/docs/quickstart/spa/angular/interactive" + }, + { + "source": "/docs/libraries/auth0-android", + "destination": "/docs/quickstart/native/android/interactive" + }, + { + "source": "/docs/libraries/auth0-swift", + "destination": "/docs/quickstart/native/ios-swift/interactive" + }, + { + "source": "/docs/libraries/auth0-php", + "destination": "/docs/quickstart/webapp/php/interactive" + }, + { + "source": "/docs/libraries/auth0-react", + "destination": "/docs/quickstart/spa/react/interactive" + }, + { + "source": "/docs/libraries/auth0js", + "destination": "/docs/quickstart/spa/vanillajs/interactive" + }, { "source": "/docs/get-started/auth-for-genai", "destination": "/docs/get-started/auth0-for-ai-agents" diff --git a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx index 6ee39919f..256f35d5d 100644 --- a/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx +++ b/main/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa.mdx @@ -667,7 +667,7 @@ exports.onExecutePostLogin = async (event, api) => { }; ``` -To prompt users, replace the `api.multifactor.enable` with `api.authentication.challengeWithAny()` to force an MFA challenge with an existing factor the user has already enrolled. To review supported factors with Actions, read about the [factors parameter](https://auth0.com/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-authentication-challengewithany-factors). For example: +To prompt users, replace the `api.multifactor.enable` with `api.authentication.challengeWithAny()` to force an MFA challenge with an existing factor the user has already enrolled. To review supported factors with Actions, read about the [`factors` parameter](https://auth0.com/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger/post-login-api-object#api-authentication-challengewithany-factors). For example: ``` javascript // It only makes sense to prompt for MFA when the user has at least one From 2853984212559d1bbe9a488784b8ef2fed611d21 Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Wed, 10 Dec 2025 11:58:36 -0500 Subject: [PATCH 5/7] DR request to clarify AD/LDAP supports psswrd reset but not Actions password reset flow --- .../actions/explore-triggers/password-reset-triggers.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx b/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx index 6e6bc67f2..7b8e979e3 100644 --- a/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx +++ b/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx @@ -38,7 +38,7 @@ The `post-challenge` trigger is a function that executes after a user completes ## Limitations -The Password Reset Flow does not support [Active Directory/LDAP connections](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap). +[Active Directory/LDAP connections](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap) do not support the Reset Password Actions flow (trigger). ## Common use cases From 00012f18f5774f95b17353e876743fe1cc010450 Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Wed, 10 Dec 2025 14:05:54 -0500 Subject: [PATCH 6/7] Revision:Password reset triggers don't support AD/LDAP --- .../actions/explore-triggers/password-reset-triggers.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx b/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx index 7b8e979e3..1001bb15c 100644 --- a/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx +++ b/main/docs/customize/actions/explore-triggers/password-reset-triggers.mdx @@ -38,7 +38,7 @@ The `post-challenge` trigger is a function that executes after a user completes ## Limitations -[Active Directory/LDAP connections](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap) do not support the Reset Password Actions flow (trigger). +Password Reset triggers do not support [Active Directory/LDAP connections](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap). ## Common use cases From 30d7bb06cfd637d995e4b41c08339bb8b83c7e8f Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Thu, 11 Dec 2025 15:58:25 -0500 Subject: [PATCH 7/7] Removed redirects --- main/docs.json | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/main/docs.json b/main/docs.json index f772f3e56..bc4d4eef8 100644 --- a/main/docs.json +++ b/main/docs.json @@ -7410,30 +7410,6 @@ ] }, "redirects": [ - { - "source": "/docs/libraries/auth0-angular-spa", - "destination": "/docs/quickstart/spa/angular/interactive" - }, - { - "source": "/docs/libraries/auth0-android", - "destination": "/docs/quickstart/native/android/interactive" - }, - { - "source": "/docs/libraries/auth0-swift", - "destination": "/docs/quickstart/native/ios-swift/interactive" - }, - { - "source": "/docs/libraries/auth0-php", - "destination": "/docs/quickstart/webapp/php/interactive" - }, - { - "source": "/docs/libraries/auth0-react", - "destination": "/docs/quickstart/spa/react/interactive" - }, - { - "source": "/docs/libraries/auth0js", - "destination": "/docs/quickstart/spa/vanillajs/interactive" - }, { "source": "/docs/get-started/auth-for-genai", "destination": "/docs/get-started/auth0-for-ai-agents"