Realization of custom logic using Auth0 Actions function (customization of MFA requirements)

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product
- Okta Workforce Identity Cloud
- Okta Customer Identity Cloud

Specifications/Technical Information

Specifications/Technical Information
- Workforce Identity Cloud Basic Setup Behavior Guide
- Customer Identity Cloud (Auth0) basic setup behavior guide

solution

solution
- Okta Solutions - Zero Trust with Okta

User stories

support

- Macnica Support

Seminar content

Document request

inquiry

Event/Seminar

video on demand

Okta

Octa

Introduction

Auth0 has a feature called Actions that allows you to incorporate custom logic into authentication processes such as login and user registration. For example, when logging in, you can request MFA or deny authentication according to the country or IP address of the access source, and when registering users, you can force email authentication.

On this page, we will introduce the setting method and actual operation, taking as an example the realization of the operation to skip the MFA request only when logging in from a specific IP address or a specific email address.

premise

The information on functions and settings described on this page is current as of October 2022.

Setting overview

The settings for implementing custom logic using the Actions function are as follows.

1. Create a new Action

・Definition of custom logic by code editing (JavaScript description)

2. Incorporate the created Action into Flow
・Specify the trigger that activates the created Action
・Select a trigger from those already defined on the Auth0 side (at login, before user registration, etc.)

From here, we will introduce specific setting methods and operation examples.

Setting example A: Skip MFA only when logging in from a specific IP address

1. Create New Action

①On the Auth0 management screen, click [Actions] > [Library]

② Click [Build Custom]

(3) Select the name of the action to be created, the trigger of the action, and the execution environment, and click [Create].
This time, select [Trigger] = [Login/Post Login] to incorporate Action into the login flow.

④ Describe the logic to be realized in the code editor (JavaScript description)
In the process, specify the IP address you want to skip MFA

⑤Click [Deploy]

⑥ Confirm that the created Action has been successfully deployed

2. Incorporate the created Action into Flow
① Click Actions > Flows on the Auth0 management screen

② Select the Flow that incorporates the created Action. Here, click [Login]

③ From the list of Actions displayed in the Custom tab on the right side of the screen, drag and drop the Action created in 1. and incorporate it into the flow diagram on the left side of the screen.

④Click [Apply]

⑤ Confirm that it was reflected normally

Precautions in operation realization

In order to use the Action created this time to skip MFA only when logging in from a specific IP address and request MFA for other logins, set [Define policies] to [Never] on the MFA settings screen. must be The [Define policies] setting does not require MFA, and the processing within the Action controls MFA requirements.

1.On the Auth0 management screen, click [Security] > [Multi-factor Auth]

2.Set [Require Multi-factor Auth] in [② Define policies] to [Never]

Operation example A: Skip MFA only when logging in from a specific IP address

1. Start the Auth0-linked sample app and click [Login]

2. Enter your email address and password, and click [Continue]

3. Make sure MFA is skipped and you can log in

Setting example B: Skip MFA only when logging in with a specific email address

1. Create New Action
• Set in the same way as [ 1. Create a new Action ] in Setting Example A.
•In setting step 4, change the processing content to judgment for email addresses

2. Incorporate the created Action into Flow
•Set in the same way as [2. Incorporate the created Action into Flow] in Setting Example A.

Operation example B: Skip MFA only when logging in with a specific email address

Check the operation by the same operation as the operation example A.

Summary

By using Auth0's Actions function in this way, you can customize any processing requirements in the authentication process. It also comes with version control, testing, and debugging functions that are necessary for coding. You can try the functions even in the free Auth0 trial environment, so please feel the high degree of customizability.

In addition to the logic introduced this time, Auth0 allows you to incorporate various custom logic into the authentication process using the Actions feature. If you are interested in Auth0's Actions feature, please contact us.

reference

Auth0 Actions – Auth0 docs
https://auth0.com/docs/customize/actions

Click here for a list of Customer Identity Cloud (Auth0) basic setting operation guides

Inquiry/Document request

In charge of Macnica Okta Co., Ltd.

inquiry Document request

TEL：045-476-2010
E-mail：okta@macnica.co.jp

Mon-Fri 8:45-17:30