Configure OTP Notifications for MFA

Application Credentials
Attack Protection
Continuous Session Protection
Highly Regulated Identity
Auth0’s Mobile Driver's License Verification Service
Multi-Factor Authentication
- Multi-Factor Authentication (MFA)
- Enable Multi-Factor Authentication
- Multi-Factor Authentication Factors
- WebAuthn as Multi-Factor Authentication
- Configure Cisco Duo Security for MFA
- FIDO Authentication with WebAuthn
- Adaptive MFA
- Auth0 Guardian
- Customize MFA
- Authenticate Using ROPG Flow with MFA
- Step-Up Authentication
- Configure Recovery Codes for MFA
- Manage Authentication Factors with APIs
- Reset User Multi-Factor Authentication and Recovery Codes
- Multi-factor Authentication Developer Resources
Security Center
Security Guidance
Sender Constraining
Tokens

On this page

User OTP workflow
Learn more

Auth0 supports one-time passwords (OTPs) as factors. In order for users to leverage OTPs, you first must enable them as an MFA factor in your Auth0 tenant. Once enabled for your application, users can enroll in OTPs when accessing your application. To do so, they must install an authenticator application on their device, such as:

Auth0 Guardian (Google Play / App Store)
Authy (Google Play / App Store)
Google Authenticator (Google Play / App Store)
Microsoft Authenticator (Google Play / App Store)

User OTP workflow

When a user attempts to sign up through a prompt, they are prompted to scan a QR code to enroll in OTPs.

Auth0 Guardian OTP QR code setup example

If the user’s device is detected as a mobile device, Universal Login skips the QR code screen and instead displays an enrollment code directly in the prompt.

The temporary one-time password enrollment screen as displayed on a mobile device.

After a user has enrolled in OTPs, they can use OTPs to log in to your application. To do so, they first retrieve a one-time code from their preferred authenticator app.