> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to enable Adaptive MFA for low confidence logins based on Auth0's risk assessment and overall confidence scores.

# Enable Adaptive MFA

<Card title="Before you start">
  * Subscribe to an Enterprise Plan with the Adaptive MFA addon. Refer to [Auth0 Pricing](https://auth0.com/pricing/) for details.
  * Configure and enable a Database or Active Directory connection.
  * Configure and enable at least one MFA factor.
</Card>

Use <Tooltip tip="Adaptive Multi-factor Authentication: Multi-factor authentication (MFA) that is only triggered for users when an attempted login is determined to be a low confidence login." cta="View Glossary" href="/docs/glossary?term=Adaptive+MFA">Adaptive MFA</Tooltip> to trigger <Tooltip tip="Adaptive Multi-factor Authentication: Multi-factor authentication (MFA) that is only triggered for users when an attempted login is determined to be a low confidence login." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> when Auth0 determines that an attempted login is risky and to record risk assessments for all login transactions in your tenant logs.

## Enable Adaptive MFA

You can enable Adaptive MFA in the <Tooltip tip="Auth0 Dashboard: Auth0's main product to configure your services." cta="View Glossary" href="/docs/glossary?term=Auth0+Dashboard">Auth0 Dashboard</Tooltip> or with the Auth0 <Tooltip tip="Auth0 Dashboard: Auth0's main product to configure your services." cta="View Glossary" href="/docs/glossary?term=Management+API">Management API</Tooltip>.

<Tabs>
  <Tab title="Dashboard">
    1. Go to [**Dashboard > Security > Multi-factor Auth**](https://manage.auth0.com/#/security/mfa).

    <Frame>
      <img src="https://mintcdn.com/docs-staging-quickstart-revamp/R8rXfTj95YBIEuC2/images/cdy7uua7fh8z/4IlQi0LXOPJdYjOuo09xtE/944ce27c115cb43133aac78d9b6b7886/MFA_Factors_-_English.png?fit=max&auto=format&n=R8rXfTj95YBIEuC2&q=85&s=9405a86428033b8a77c4b5919e6e4e49" alt="Auth0 Dashboard Security Multi-factor Auth Adaptive MFA Policy" width="839" height="1076" data-path="images/cdy7uua7fh8z/4IlQi0LXOPJdYjOuo09xtE/944ce27c115cb43133aac78d9b6b7886/MFA_Factors_-_English.png" />
    </Frame>

    2. In the **Factors** section, enable and configure at least one MFA Factor. To learn more, read [Multi-Factor Authentication Factors](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors).

    3. In the **Define policies** section, locate **Require Multi-factor Auth**, and then select **Use Adaptive MFA**. Risk assessment will automatically be enabled and recorded in your tenant logs.

    4. Click **Save**.

    <Callout icon="file-lines" color="#0EA5E9" iconType="regular">
      If you are using the [Identifier First Authentication](/docs/authenticate/login/auth0-universal-login/identifier-first) factor `email`, you must update email attributes in [Dashboard > Database Connections > Authentication Methods](https://manage.auth0.com/#/connections/database). On the Email Configuration tab, ensure the email attribute is active. Then, set **Allow Signup to Required** and enable **Require** email on user profile.

      <Frame>
        <img src="https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=2d3b72baaa5c7b9d7f9dc24ffaec6cee" alt="Auth0 Dashboard > Authentication > Database Connections > Authentication Methods" data-og-width="532" width="532" data-og-height="829" height="829" data-path="images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?w=280&fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=c89b65f55d7067b65b0dbae6ba6b588a 280w, https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?w=560&fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=ae5fbb59ce0c13d0ed05d1f6261d8638 560w, https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?w=840&fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=870552f260628d9f363ae409070a1328 840w, https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?w=1100&fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=65418c88b63767b0c4dfcde7990c51d3 1100w, https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?w=1650&fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=cb96c316fb28465bbfa60125b0841c49 1650w, https://mintcdn.com/docs-staging-quickstart-revamp/TU1OUbCB6Vk1Wu6L/images/cdy7uua7fh8z/ql7yYX1GnJaiPQnjQQBTs/7ce5b2a51be21e4b3b6dc65b97b4b3eb/Email_Config_-_English.png?w=2500&fit=max&auto=format&n=TU1OUbCB6Vk1Wu6L&q=85&s=06c9fce62a07eba8e02a8814007a423b 2500w" />
      </Frame>
    </Callout>
  </Tab>

  <Tab title="Management API">
    1. Get a [Management API access token](/docs/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `update:mfa_policies` scope.

    2. Call the Management API [Set the multi-factor authentication policies](https://auth0.com/docs/api/management/v2/guardian/put-policies) endpoint with the appropriate payload.
  </Tab>
</Tabs>

## Enable Adaptive MFA Risk Assessment

If you aren't ready to enable Adaptive MFA, but want to start training it to analyze login behavior, you can enable Adaptive MFA Risk Assessment independently.

1. Go to [Dashboard > Security > Multi-factor Auth](https://manage.auth0.com/#/security/mfa).
2. Locate the **Define policies** section.
3. In **MFA Risk Assessors**, select **Enable Adaptive MFA Risk Assessment**.
4. Select **Save**.

## Customize Adaptive MFA

You can customize the behavior of Adaptive MFA to provide the best experience for your users while ensuring security. To learn more, read [Customize Adaptive MFA](/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa).

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  Actions that trigger MFA take precedence over default Adaptive MFA behavior.
</Callout>

## Limitations

Assessment information in tenant logs is only available for interactive flows. Auth0 does not support recording assessment information for <Tooltip tip="Resource Owner: Entity (such as a user or application) capable of granting access to a protected resource." cta="View Glossary" href="/docs/glossary?term=Resource+Owner">Resource Owner</Tooltip> Password Grant (ROPG) flows without adaptive MFA enabled. For more information about authentication flow limitations, read [Adaptive MFA](/docs/secure/multi-factor-authentication/adaptive-mfa).

## Learn more

* [Customize Adaptive MFA](/docs/secure/multi-factor-authentication/adaptive-mfa/customize-adaptive-mfa)
* [Adaptive MFA Log Events](/docs/secure/multi-factor-authentication/adaptive-mfa/adaptive-mfa-log-events)
* [Multi-Factor Authentication Factors](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors)
