> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
> Learn how to create an enrollment ticket from the Auth0 MFA API.
# Create Custom Enrollment Tickets
export const AuthCodeGroup = ({children, dropdown}) => {
const [processedChildren, setProcessedChildren] = useState(children);
useEffect(() => {
let unsubscribe = null;
function init() {
unsubscribe = window.autorun(() => {
const processChildren = node => {
if (typeof node === "string") {
let processedNode = node;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value);
}
return processedNode;
} else if (Array.isArray(node)) {
return node.map(processChildren);
} else if (node && node.props && node.props.children) {
return {
...node,
props: {
...node.props,
children: processChildren(node.props.children)
}
};
}
return node;
};
setProcessedChildren(processChildren(children));
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
return {processedChildren};
};
export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
const [displayText, setDisplayText] = useState(children);
const [copyText, setCopyText] = useState(children);
const wrapperRef = React.useRef(null);
useEffect(() => {
let unsubscribe = null;
function init() {
if (!window.autorun || !window.rootStore) {
return;
}
unsubscribe = window.autorun(() => {
let processedChildrenForDisplay = children;
let processedChildrenForCopy = children;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
let displayValue = value;
if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") {
displayValue = value.substring(0, 3) + "*****MASKED*****";
}
processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(new RegExp(escapedKey, "g"), displayValue);
processedChildrenForCopy = processedChildrenForCopy.replaceAll(new RegExp(escapedKey, "g"), value);
}
setDisplayText(processedChildrenForDisplay);
setCopyText(processedChildrenForCopy);
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
useEffect(() => {
if (!wrapperRef.current) return;
const originalWriteText = navigator.clipboard.writeText.bind(navigator.clipboard);
let isOverriding = false;
const handleClick = e => {
const button = e.target.closest('[data-testid="copy-code-button"]');
if (!button || !wrapperRef.current.contains(button)) return;
isOverriding = true;
navigator.clipboard.writeText = text => {
if (isOverriding) {
isOverriding = false;
navigator.clipboard.writeText = originalWriteText;
return originalWriteText(copyText);
}
return originalWriteText(text);
};
setTimeout(() => {
if (isOverriding) {
isOverriding = false;
navigator.clipboard.writeText = originalWriteText;
}
}, 100);
};
const wrapper = wrapperRef.current;
wrapper.addEventListener('click', handleClick, true);
return () => {
wrapper.removeEventListener('click', handleClick, true);
if (navigator.clipboard.writeText !== originalWriteText) {
navigator.clipboard.writeText = originalWriteText;
}
};
}, [copyText]);
return
{displayText}
;
};
If you want to customize and manage your users' [Multi-Factor Authentication (MFA)](/docs/secure/multi-factor-authentication) enrollments, you can use Custom Enrollment Tickets. Auth0's Custom Enrollment Tickets generate a single-use link to direct your users to enroll in MFA with the [factor(s)](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors) you specify.
### Use cases
Use Custom Enrollment Tickets for:
* Onboarding new users
* Configuring user settings
* Specifying factors you want customers to choose during enrollment
* Allowing users to enroll more than one factor
### Configure Custom Enrollment Tickets
Make a post call to Management API's [`/guardian/post_ticket`](https://auth0.com/docs/api/management/v2#!/Guardian/post_ticket) endpoint.
```bash cURL theme={null}
curl --request POST \
--url 'https://{yourDomain}/api/v2/guardian/post-ticket' \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--header 'content-type: application/json' \
--data '{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}'
```
```csharp C# theme={null}
var client = new RestClient("https://{yourDomain}/api/v2/guardian/post-ticket");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```
```go Go theme={null}
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/api/v2/guardian/post-ticket"
payload := strings.NewReader("{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
req.Header.Add("content-type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```java Java theme={null}
HttpResponse response = Unirest.post("https://{yourDomain}/api/v2/guardian/post-ticket")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.header("content-type", "application/json")
.body("{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}")
.asString();
```
```javascript Node.JS theme={null}
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/api/v2/guardian/post-ticket',
headers: {
authorization: 'Bearer {yourMgmtApiAccessToken}',
'content-type': 'application/json'
},
data: {
user_id: 'string',
email: 'user@exampleco.com',
send_email: 'true',
email_locale: 'string',
factor: 'oob',
allow_multiple_enrollments: 'true'
}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});
```
```php PHP theme={null}
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/api/v2/guardian/post-ticket",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
```
```python Python theme={null}
import http.client
conn = http.client.HTTPSConnection("")
payload = "{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}"
headers = {
'authorization': "Bearer {yourMgmtApiAccessToken}",
'content-type': "application/json"
}
conn.request("POST", "/{yourDomain}/api/v2/guardian/post-ticket", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```
```ruby Ruby theme={null}
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/api/v2/guardian/post-ticket")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request["content-type"] = 'application/json'
request.body = "{
"user_id": "string",
"email": "user@exampleco.com",
"send_email": "true",
"email_locale": "string",
"factor": "oob",
"allow_multiple_enrollments": "true"
}"
response = http.request(request)
puts response.read_body
```
| Parameter | Required | Description |
| ---------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `allow_multiple_enrollments` | Optional | Allows a previously enrolled user to enroll with additional factors, excluding email. |
| `factor` | Optional | Specifies which factor the user must enroll with, excluding email. Used with `allow_multiple_enrollments`, can specify more than one factor for enrollment. |
These parameters can only be used with [Universal Login](/docs/authenticate/login/auth0-universal-login) and cannot be used with Classic Login or custom MFA pages.
Management API returns an enrollment ticket containing a `ticket_id` and a `ticket_url`. The `ticket_id` is for internal use. Deliver the `ticket_url` to the user with the `send_email` parameter to kick off the enrollment process. Tickets expire after 5 days and are single-use. A user who receives a ticket will only be able to enroll once.
Sample response:
```json lines theme={null}
{
"ticket_id": "gten_8b2f5e90d2c848dc9230d34f",
"ticket_url": "https://guardianadnrdoifcmtest0.eu.auth0.com/guardian/enroll?ticket=gten_8b2f5e90d2c848dc9230d34f"
}
```
If you enable [Multiple Custom Domains](/docs/customize/custom-domains/multiple-custom-domains), you need to include the `auth0-custom-domain` HTTP header. To learn more, review [Multiple Custom Domains](/docs/customize/custom-domains/multiple-custom-domains#customize-email-handling-using-the-management-api).
### Custom Enrollment Tickets with Classic Login
If you are using the [Classic Login](/docs/authenticate/login/auth0-universal-login/universal-login-vs-classic-login/classic-experience) experience and need to customize how the page looks when the user navigates to the `ticket_url`, you can edit the MFA page.
1. Navigate to [Dashboard > Branding > Universal Login > Advanced options > Multi-factor Authentication.](https://manage.auth0.com/#/mfa_page)
2. If **Customize MFA Page** is not selected, toggle this option on.
3. Update the `ticket` variable.
Example:
```liquid lines theme={null}
{% if ticket %}
Welcome, {{ userData.email }}, enroll your device below
{% else %}
Welcome back, {{ userData.email }}, authenticate below
{% endif %}
```
## Learn more
* [MFA Widget Theme Options](/docs/secure/multi-factor-authentication/customize-mfa/mfa-widget-theme-options)
* [Guardian Error Code Reference](/docs/secure/multi-factor-authentication/multi-factor-authentication-developer-resources/guardian-error-code-reference)
* [Auth0 MFA API](/docs/secure/multi-factor-authentication/multi-factor-authentication-developer-resources/mfa-api)