Add Step-up Authentication

With step-up authentication, applications that allow access to different types of resources can require users to authenticate with a stronger authentication mechanism to access sensitive resources.
You can add step-up authentication to your app with Auth0's extensible multi-factor authentication (MFA) support. Your app can verify that the user has logged in using MFA and, if not, require the user to step-up to access certain resources.
As an example, Fabrikam's Intranet requires users to authenticate with their username and password to access customer data. However, a request for access to employee data (which may contain sensitive salary information) triggers a stronger authentication mechanism like MFA.
Step-up Authentication for APIs

When your audience is an API, you can implement step-up authentication with Auth0 using scopes, access tokens, and Actions. You can use an Action to trigger the step-up authentication mechanism (for example, prompt MFA) whenever the user requests scopes that map to sensitive resources.
In our example, a user signs into Fabrikam's web app. The standard login gives this user the ability to interact with their API and fetch the user's account list. This means that the access token the application receives after the user authenticates contains a scope like read:accounts.
Now the user wishes to transfer funds from one account to another, which is deemed a high-value transaction. In order to perform this action, the API requires the scope transfer:funds.
The user's current access token does not include this scope and the application knows it (because the application knows the set of scopes it requested in the initial authentication call). The application performs another authentication call, but this time it requests the scope transfer:funds. The browser redirects to Auth0. Per Fabrikam's Action, Auth0 challenges the user to authenticate with MFA because a high-value scope was requested. Once the user successfully authenticates with MFA, Auth0 generates and sends a new access token that includes the high-value scope. The application passes the access token to the API, which discards it after verification, thereby treating it as a single-use token.
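The Action side of this flow, as an added example rather than code from this page or from Auth0: a Post-Login Action that enables MFA only when a high-value scope is requested. The `SENSITIVE_SCOPES` set and the `requiresStepUp` and `simulateLogin` helpers are assumptions made for illustration; `simulateLogin` runs the handler against a constructed event and a stub `api` so the decision can be checked outside Auth0.

```javascript
// Added example: Post-Login Action that steps up to MFA for high-value scopes.
// SENSITIVE_SCOPES is an assumption; only transfer:funds comes from the page.
const SENSITIVE_SCOPES = new Set(['transfer:funds']);

// Pure decision: does this authorization request ask for a high-value scope?
function requiresStepUp(requestedScopes) {
  if (!Array.isArray(requestedScopes)) return false; // no scopes on this flow
  return requestedScopes.some((scope) => SENSITIVE_SCOPES.has(scope));
}

async function onExecutePostLogin(event, api) {
  // Scopes asked for in this authentication call; the transaction may be absent.
  const requested = event.transaction ? event.transaction.requested_scopes : undefined;
  if (!requiresStepUp(requested)) return;

  // Challenge with any enrolled factor and do not honour "remember this browser",
  // so every request for a high-value scope is backed by a fresh second factor.
  api.multifactor.enable('any', { allowRememberBrowser: false });
}

// Auth0 loads the handler from the module's exports; guarded so the file also
// runs unchanged where `exports` is not defined.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Local harness (hypothetical): constructed event plus a stub api that records
// which MFA calls the Action made.
async function simulateLogin(requestedScopes) {
  const calls = [];
  const api = {
    multifactor: { enable: (provider, options) => calls.push({ provider, options }) },
  };
  const event = { transaction: { requested_scopes: requestedScopes } };
  await onExecutePostLogin(event, api);
  return calls;
}
```

The API still has to check that the presented access token actually contains transfer:funds; the Action only controls how that token is obtained.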
To learn more, read Configure Step-up Authentication for APIs.
Step-up Authentication for web apps

If it is a web app that verifies the authentication level, and not an API, then you do not have an access token. In this case, you can check if a user has logged in with MFA by reviewing the contents of their ID token. You can then configure your application to deny access to pages with sensitive information if the ID token indicates that the user did not log in with MFA, and use an Action to trigger the step-up authentication mechanism (for example, prompt MFA). For example, you might have an employee app that authenticates users with usernames and passwords, but if a user wants to access salary information, they have to provide a second factor such as a mobile push notification.
You can implement this by checking the ID token when the user tries to access that page. If the claims show that the user has already authenticated with MFA, display the sensitive information. Otherwise, trigger authentication again and, using an Action, prompt the user to authenticate with MFA.
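One way to write that page-level check, as an added example that is not code from this page or from Auth0. It relies on the `amr` claim, which Auth0 sets to include `mfa` when a second factor was used, and it assumes the ID token's signature, issuer, audience and expiry were already validated by the app's OIDC library; the `/salary` route and the function names are hypothetical.

```javascript
// Added example: gate sensitive pages on the MFA evidence in the ID token.
// `claims` is the payload of an ID token that has ALREADY been validated
// (signature, issuer, audience, expiry); this code does not verify it.
const SENSITIVE_PATHS = ['/salary']; // hypothetical route prefix

function loggedInWithMfa(claims) {
  // amr must be an array containing "mfa". A bare string is rejected on
  // purpose: "nomfa".includes("mfa") would otherwise pass as a substring match.
  return Boolean(claims) && Array.isArray(claims.amr) && claims.amr.includes('mfa');
}

function isSensitive(path) {
  // Match the prefix on a path-segment boundary so /salaryfaq is not gated
  // and /salary/2024 is.
  return SENSITIVE_PATHS.some((p) => path === p || path.startsWith(p + '/'));
}

// Returns 'login' (no session), 'allow', or 'step-up' (re-authenticate so the
// tenant's Action can prompt for MFA).
function authorizePage(path, claims) {
  if (!claims) return 'login';
  if (!isSensitive(path)) return 'allow';
  return loggedInWithMfa(claims) ? 'allow' : 'step-up';
}

// Constructed sample claims for a password-only and an MFA session.
const passwordOnly = { sub: 'auth0|constructed-user', amr: ['pwd'] };
const withMfa = { sub: 'auth0|constructed-user', amr: ['mfa'] };
```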
To learn more, read Configure Step-up Authentication for Web Apps.