If you want to customize and manage your users’ Multi-Factor Authentication (MFA) enrollments, you can use Custom Enrollment Tickets. Auth0’s Custom Enrollment Tickets generate a single-use link to direct your users to enroll in with the factor(s) you specify.

Use cases

Use Custom Enrollment Tickets for:
  • Onboarding new users
  • Configuring user settings
  • Specifying factors you want customers to choose during enrollment
  • Allowing users to enroll more than one factor

Configure Custom Enrollment Tickets

Make a post call to ’s /guardian/post_ticket endpoint. 
curl --request POST \
  --url 'https://{yourDomain}/api/v2/guardian/post-ticket' \
  --header 'authorization: Bearer {yourMgmtApiAccessToken}' \
  --header 'content-type: application/json' \
  --data '{ 
 "user_id": "string",
 "email": "user@exampleco.com",
 "send_email": "true",
 "email_locale": "string",
 "factor": "oob",
 "allow_multiple_enrollments": "true"
 }'
ParameterRequiredDescription
allow_multiple_enrollmentsOptionalAllows a previously enrolled user to enroll with additional factors, excluding email.
factorOptionalSpecifies which factor the user must enroll with, excluding email. Used with allow_multiple_enrollments, can specify more than one factor for enrollment.
These parameters can only be used with Universal Login and cannot be used with Classic Login or custom MFA pages.
Management API returns an enrollment ticket containing a ticket_id and a ticket_url. The ticket_id is for internal use. Deliver the ticket_url to the user with the send_email parameter to kick off the enrollment process. Tickets expire after 5 days and are single-use. A user who receives a ticket will only be able to enroll once. Sample response: 
{
  "ticket_id": "gten_8b2f5e90d2c848dc9230d34f",
  "ticket_url": "https://guardianadnrdoifcmtest0.eu.auth0.com/guardian/enroll?ticket=gten_8b2f5e90d2c848dc9230d34f"
}
If you enable Multiple Custom Domains, you need to include the auth0-custom-domain HTTP header. To learn more, review Multiple Custom Domains.

Custom Enrollment Tickets with Classic Login

If you are using the Classic Login experience and need to customize how the page looks when the user navigates to the ticket_url, you can edit the MFA page.
  1. Navigate to Dashboard > Branding > Universal Login > Advanced options > Multi-factor Authentication.
  2. If Customize MFA Page is not selected, toggle this option on.
  3. Update the ticket variable. Example:
{% if ticket %}
<h4 class="message">Welcome, {{ userData.email }}, enroll your device below</h4>
{% else %}
<h4 class="message">Welcome back, {{ userData.email }}, authenticate below</h4>
{% endif %}

Learn more