Provide option to Enable/Disable the Enable adaptive MFA risk assessment option in policies.

[Arifahmed007]

Checklist

• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

I am referring doc https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/guardian and i dont see any argument to Enable adaptive MFA risk assessment option in policies. it would be great if someone could provide this option or else is there any other way around for me to enable this using some other resource in provider.

Alternatives and current workarounds

No response

Additional context

No response

[duedares-rvj]

@Arifahmed007 Hello! 👋

Please Ref: https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/guardian#policy-1
One can set the policy field to never, all-applications and confidence-score which is equivalent of the three options described in your screenshot.

Let me know if this resolves the query.
Thanks!

[cireCloud]

Hello, separate user here as we keep close eye on this issue.

It's not helping, the whole point is to customize Adaptive MFA and not disable everything..

[duedares-rvj]

@cireCloud For customizing Adaptive MFA you can use auth0_action
Ref: https://auth0.com/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa

I'd be happy to get on a zoom call to discuss this further.
Feel free to send an invite on [email protected]
Or drop me your email ID and I'll send you one.
Thanks!

[duedares-rvj]

Following up on this @cireCloud
Please let me know if my above response on customizing the MFA via auth0_action resource seemed like a viable option for your use-case.

Thanks!

[cireCloud]

That page is not related to a Terraform provider? Also auth0_action resource is neither.

[duedares-rvj]

Didn't mean to create a confusion here. The customize-adaptive-mfa page explains the use and involvement of Actions.

If you're like to use action in terraform, consider using the auth0_action resource.
Documentation can be found here:
https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/action

Let me know if that helps :)

[lethargynavigator]

Hi @duedares-rvj

I think what @Arifahmed007 is asking for is this setting to be exposed in the provider:

We are facing the same issue in our org where we have numerous tenants we might want to enable this in, which doing manually is painful.

[duedares-rvj]

Hello @lethargynavigator @cireCloud 👋

Apologies for any initial confusion.
After reviewing the request, I looked into the feasibility of implementing this in the Terraform provider.
The main challenge is that this toggle is not currently exposed via a management API endpoint.

I discussed this with the team, and unfortunately, we won't be able to support this at the moment.
While we don’t have a specific timeline for when this might be available, I’m moving this issue to the Discussions section so we can continue tracking it and revisit it in the future.

I know this might not be the desired resolution, but we’ll do our best to support this change as soon as possible!
Thanks for your patience throughout.

[Booligoosh]

Hi @duedares-rvj, it is actually exposed via a Management API endpoint, just not documented. However it would need to be supported in the Go SDK before it could be supported here in Terraform.

curl --request PATCH \
  --url 'https://$AUTH0_DOMAIN/api/v2/risk-assessment/config' \
  --header 'Content-Type: application/json' \
  --data '{ "AfterAuthentication": true }'

Setting to true will enable, setting to false will disable.

In the meantime, we have created a Terraform Null Resource that runs this API call for us during our Terraform deploy.

[kiran-cvent]

The provision to enable/disable risk assessment in Auth0 using Auth0 Terraform Provider is something we also need. It would be great, if we can surface that setting in Terraform.