Looking for support for Auth0 authentication? Here are the steps to take to add SMS-based multifactor authentication (MFA) to the login flow for an Auth0 tenant. (A tenant is a specification for a group of users who share access to an application instance — for instance, a company with multiple employees.) We’ll assume you already have an Auth0 account and tenant and a Plivo account.
We recommend testing your setup on a staging or development server before making changes to your production login flow.
Add the Action
Go to Actions > Library and select Add Integration.
Read the necessary access requirements and click Continue.
Configure the integration by filling in the fields on the next screen with your Plivo Auth ID and Auth Token and your Plivo phone number.
- Click Create to add the integration to your library.
Click the Add to flow link on the pop-up that appears.
Drag the Action into the flow.
- Click Apply Changes. Now this flow will use the Plivo integration to send an SMS message whenever it’s called.
Activate custom SMS factor
Go to Dashboard > Security > Multi-factor Auth and click the Phone Message factor box. In the modal that appears, select Custom for the delivery provider, make any adjustments you’d like to the templates, then click Save and close the modal. Finally, enable the SMS factor using the toggle switch.
Auth0 will immediately begin using this factor for MFA during login. Before you activate your integration in production, make sure you’ve configured all of the components correctly and verified everything on a test tenant.
Test MFA flow
Navigate to the Authentication section in the Auth0 Manage Dashboard, choose your Connection, then select Try from the connection’s dropdown menu to verify that everything works as intended.
You can then log into your Plivo account to verify that SMS messages are indeed being sent.
If you don’t receive an SMS message as expected, look in your tenant logs for a failed Phone Message log entry. To learn which event types to search, see the Log Event Type Code list. You can use the Filter control to find MFA errors.
Make sure that:
- The Action is in the Send Phone Message flow.
- The secrets are the same Plivo Auth ID and Auth Token you created when you added the Action.
- Your Plivo account is active (not suspended).
- Your phone number is formatted in E.164 format.