> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
> Describes multi-factor authentication (MFA) factors, policies, and use cases.
# Multi-Factor Authentication Factors
Auth0 supports a number of different options or factors for protecting user account access with multi-factor authentication (MFA).
To select the MFA factors to use on your tenant, go to [Dashboard > Security > Multi-factor Auth](https://manage.auth0.com/#/security/mfa). You must enable at least one factor on your tenant to use MFA. Available factors are dependent on your subscription plan. To learn more, read [Auth0 Pricing](https://auth0.com/pricing/).
## Factors
Auth0 supports the following factors for implementing MFA.
### Push notifications
Send users push notifications to their pre-registered devices, typically a mobile phone or tablet, from which a user can immediately allow or deny account access via the simple press of a button. Push factor is offered with the **Auth0 Guardian** mobile app, available for both iOS and Android. To learn more, read [Auth0 Guardian](/docs/secure/multi-factor-authentication/auth0-guardian).
If you don’t want your customers to have to download a separate application, Auth0 also provides a **Guardian SDK** for building a second-factor workflow in your existing mobile device app. To learn more, read [Install Guardian SDK](/docs/secure/multi-factor-authentication/multi-factor-authentication-developer-resources/install-guardian-sdk).
### SMS notifications
Send users a one-time code over SMS which the user is then prompted to enter before they can finish authenticating. To learn more, read [Configure SMS and Voice Notifications for MFA.](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-sms-voice-notifications-mfa)
### Voice notifications
Deliver a one-time code to users through voice call which the user is then prompted to enter before they can finish authenticating. To learn more, read [Configure SMS and Voice Notifications for MFA.](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-sms-voice-notifications-mfa)
### One-Time passwords
One-time passwords allow you to use an authenticator application on the user's personal device, such as Google Authenticator, to generate a one-time password that changes over time and which can be entered as the second factor to validate an account. To learn more, read [Configure OTP Notifications for MFA.](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-otp-notifications-for-mfa)
### WebAuthn with security keys
Enable users to perform MFA with FIDO compliant Security Keys (e.g. [Yubikey](https://www.yubico.com/), [Google Titan](https://cloud.google.com/titan-security-key)). To learn more, read [Configure WebAuthn with Security Keys for MFA.](/docs/secure/multi-factor-authentication/fido-authentication-with-webauthn/configure-webauthn-security-keys-for-mfa)
### WebAuthn with device biometrics
Enable users to perform MFA using platform authenticators such as are MacBook’s TouchBar, Windows Hello, iOS Touch/FaceId, and Android’s fingerprint/face recognition. To learn more, read [Configure WebAuthn with Device Biometrics for MFA.](/docs/secure/multi-factor-authentication/fido-authentication-with-webauthn/configure-webauthn-device-biometrics-for-mfa)
### Email notifications
Enable users to perform MFA using one-time passwords delivered through email if the users are enrolled with additional [independent authentication factors](/docs/secure/multi-factor-authentication/enable-mfa#independent-factors). To learn more, read [Configure Email Notifications for MFA.](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-email-notifications-for-mfa)
### Cisco Duo security
Cisco Duo is a multi-faceted provider and can only be used if it's the only factor available for the user. Use your Duo account to manage MFA with Auth0. To learn more, read [Configure Cisco Duo Security for MFA.](/docs/secure/multi-factor-authentication/configure-cisco-duo-for-mfa)
### Recovery codes
Recovery codes are unique codes allowing users to regain account access if they cannot access the device or account used for MFA enrollment. To learn more, read [Configure Recovery Codes for MFA.](/docs/secure/multi-factor-authentication/configure-recovery-codes-for-mfa)
## Policies
Policies determine when a user will be prompted to complete additional steps to prove they own a particular account. Use policies to define your own level of acceptable risk. You can choose between **Never**, **Use Adaptive MFA**, and **Always**.
You can achieve more refined multi-factor configurations (such as per application, per user, etc.) by using Auth0 Actions. To learn more, read [Auth0 Actions](/docs/customize/actions).
Rules affecting MFA takes precedence over the policy configuration in the Dashboard.
To learn more, read [Defined Authentication Policies on OpenID.](http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.4)
## Use cases
There are different ways to manage MFA depending on your environment:
* B2B: Your customers manage MFA factors for their users.
* B2C: End users manage their own MFA factors via an **My MFA Settings** page.
* B2E: You manage MFA factors for your users.
To learn about the API endpoints that you can use to build a user interface to manage MFA factors, see [Manage Authenticator Factors Using the MFA API.](/docs/secure/multi-factor-authentication/manage-mfa-auth0-apis/manage-authenticator-factors-mfa-api)
Applications that allow access to different types of resources can require users to authenticate with a stronger authentication mechanism to access sensitive resources. See [Step-Up Authentication](/docs/secure/multi-factor-authentication/step-up-authentication) for details.
To create an Action go to [Dashboard > Actions > Flows](https://manage.auth0.com/#/actions/flows) and define conditions to trigger authentication challenges. Use Actions to force MFA for users of certain applications, or for users with particular user metadata or IP ranges, among other triggers.
Add contextual MFA which allows you to define arbitrary conditions that will trigger additional authentication challenges to your customers for increased security, for example, geographic location (geofencing), address or type of network used (IP filtering), time of day, day of the week or change in the location or device being used to log in.
## Learn more
* [Configure Push Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-push-notifications-for-mfa)
* [Configure SMS and Voice Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-sms-voice-notifications-mfa)
* [Configure OTP Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-otp-notifications-for-mfa)
* [Configure Email Notifications for MFA](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-email-notifications-for-mfa)
* [Configure Cisco Duo Security for MFA](/docs/secure/multi-factor-authentication/configure-cisco-duo-for-mfa)
* [Configure WebAuthn with Security Keys for MFA](/docs/secure/multi-factor-authentication/fido-authentication-with-webauthn/configure-webauthn-security-keys-for-mfa)