> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to create an enrollment ticket from the Auth0 MFA API.

# Create Custom Enrollment Tickets

If you want to customize and manage your users' [Multi-Factor Authentication (MFA)](/docs/secure/multi-factor-authentication) enrollments, you can use Custom Enrollment Tickets. Auth0's Custom Enrollment Tickets generate a single-use link to direct your users to enroll in <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> with the [factor(s)](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors) you specify.

### Use cases

Use Custom Enrollment Tickets for:

* Onboarding new users
* Configuring user settings
* Specifying factors you want customers to choose during enrollment
* Allowing users to enroll more than one factor

### Configure Custom Enrollment Tickets

Make a post call to <Tooltip tip="Management API: A product to allow customers to perform administrative tasks." cta="View Glossary" href="/docs/glossary?term=Management+API">Management API</Tooltip>'s [`/guardian/post_ticket`](https://auth0.com/docs/api/management/v2#!/Guardian/post_ticket) endpoint.

<CodeGroup>
  ```bash cURL lines
  curl --request POST \
    --url 'https://{yourDomain}/api/v2/guardian/post-ticket' \
    --header 'authorization: Bearer {yourMgmtApiAccessToken}' \
    --header 'content-type: application/json' \
    --data '{ 
   "user_id": "string",
   "email": "user@exampleco.com",
   "send_email": "true",
   "email_locale": "string",
   "factor": "oob",
   "allow_multiple_enrollments": "true"
   }'
  ```

  ```csharp C# lines
  var client = new RestClient("https://{yourDomain}/api/v2/guardian/post-ticket");
  var request = new RestRequest(Method.POST);
  request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
  request.AddHeader("content-type", "application/json");
  request.AddParameter("application/json", "{ \n \"user_id\": \"string\",\n \"email\": \"user@exampleco.com\",\n \"send_email\": \"true\",\n \"email_locale\": \"string\",\n \"factor\": \"oob\",\n \"allow_multiple_enrollments\": \"true\"\n }", ParameterType.RequestBody);
  IRestResponse response = client.Execute(request);
  ```

  ```go Go lines expandable
  package main

  import (
  	"fmt"
  	"strings"
  	"net/http"
  	"io/ioutil"
  )

  func main() {

  	url := "https://{yourDomain}/api/v2/guardian/post-ticket"

  	payload := strings.NewReader("{ \n \"user_id\": \"string\",\n \"email\": \"user@exampleco.com\",\n \"send_email\": \"true\",\n \"email_locale\": \"string\",\n \"factor\": \"oob\",\n \"allow_multiple_enrollments\": \"true\"\n }")

  	req, _ := http.NewRequest("POST", url, payload)

  	req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
  	req.Header.Add("content-type", "application/json")

  	res, _ := http.DefaultClient.Do(req)

  	defer res.Body.Close()
  	body, _ := ioutil.ReadAll(res.Body)

  	fmt.Println(res)
  	fmt.Println(string(body))

  }
  ```

  ```java Java lines
  HttpResponse<String> response = Unirest.post("https://{yourDomain}/api/v2/guardian/post-ticket")
    .header("authorization", "Bearer {yourMgmtApiAccessToken}")
    .header("content-type", "application/json")
    .body("{ \n \"user_id\": \"string\",\n \"email\": \"user@exampleco.com\",\n \"send_email\": \"true\",\n \"email_locale\": \"string\",\n \"factor\": \"oob\",\n \"allow_multiple_enrollments\": \"true\"\n }")
    .asString();
  ```

  ```javascript Node.JS lines
  var axios = require("axios").default;

  var options = {
    method: 'POST',
    url: 'https://{yourDomain}/api/v2/guardian/post-ticket',
    headers: {
      authorization: 'Bearer {yourMgmtApiAccessToken}',
      'content-type': 'application/json'
    },
    data: {
      user_id: 'string',
      email: 'user@exampleco.com',
      send_email: 'true',
      email_locale: 'string',
      factor: 'oob',
      allow_multiple_enrollments: 'true'
    }
  };

  axios.request(options).then(function (response) {
    console.log(response.data);
  }).catch(function (error) {
    console.error(error);
  });
  ```

  ```obj-c Obj-C lines expandable
  #import <Foundation/Foundation.h>

  NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}",
                             @"content-type": @"application/json" };
  NSDictionary *parameters = @{ @"user_id": @"string",
                                @"email": @"user@exampleco.com",
                                @"send_email": @"true",
                                @"email_locale": @"string",
                                @"factor": @"oob",
                                @"allow_multiple_enrollments": @"true" };

  NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

  NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/guardian/post-ticket"]
                                                         cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                     timeoutInterval:10.0];
  [request setHTTPMethod:@"POST"];
  [request setAllHTTPHeaderFields:headers];
  [request setHTTPBody:postData];

  NSURLSession *session = [NSURLSession sharedSession];
  NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                              completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                  if (error) {
                                                      NSLog(@"%@", error);
                                                  } else {
                                                      NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                      NSLog(@"%@", httpResponse);
                                                  }
                                              }];
  [dataTask resume];
  ```

  ```php PHP lines expandable
  $curl = curl_init();

  curl_setopt_array($curl, [
    CURLOPT_URL => "https://{yourDomain}/api/v2/guardian/post-ticket",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => "{ \n \"user_id\": \"string\",\n \"email\": \"user@exampleco.com\",\n \"send_email\": \"true\",\n \"email_locale\": \"string\",\n \"factor\": \"oob\",\n \"allow_multiple_enrollments\": \"true\"\n }",
    CURLOPT_HTTPHEADER => [
      "authorization: Bearer {yourMgmtApiAccessToken}",
      "content-type: application/json"
    ],
  ]);

  $response = curl_exec($curl);
  $err = curl_error($curl);

  curl_close($curl);

  if ($err) {
    echo "cURL Error #:" . $err;
  } else {
    echo $response;
  }
  ```

  ```python Python lines
  import http.client

  conn = http.client.HTTPSConnection("")

  payload = "{ \n \"user_id\": \"string\",\n \"email\": \"user@exampleco.com\",\n \"send_email\": \"true\",\n \"email_locale\": \"string\",\n \"factor\": \"oob\",\n \"allow_multiple_enrollments\": \"true\"\n }"

  headers = {
      'authorization': "Bearer {yourMgmtApiAccessToken}",
      'content-type': "application/json"
      }

  conn.request("POST", "/{yourDomain}/api/v2/guardian/post-ticket", payload, headers)

  res = conn.getresponse()
  data = res.read()

  print(data.decode("utf-8"))
  ```

  ```ruby Ruby lines
  require 'uri'
  require 'net/http'
  require 'openssl'

  url = URI("https://{yourDomain}/api/v2/guardian/post-ticket")

  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE

  request = Net::HTTP::Post.new(url)
  request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
  request["content-type"] = 'application/json'
  request.body = "{ \n \"user_id\": \"string\",\n \"email\": \"user@exampleco.com\",\n \"send_email\": \"true\",\n \"email_locale\": \"string\",\n \"factor\": \"oob\",\n \"allow_multiple_enrollments\": \"true\"\n }"

  response = http.request(request)
  puts response.read_body
  ```

  ```swift Swift lines expandable
  import Foundation

  let headers = [
    "authorization": "Bearer {yourMgmtApiAccessToken}",
    "content-type": "application/json"
  ]
  let parameters = [
    "user_id": "string",
    "email": "user@exampleco.com",
    "send_email": "true",
    "email_locale": "string",
    "factor": "oob",
    "allow_multiple_enrollments": "true"
  ] as [String : Any]

  let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/guardian/post-ticket")! as URL,
                                          cachePolicy: .useProtocolCachePolicy,
                                      timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData as Data

  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
    if (error != nil) {
      print(error)
    } else {
      let httpResponse = response as? HTTPURLResponse
      print(httpResponse)
    }
  })

  dataTask.resume()
  ```
</CodeGroup>

<table class="table">
  <thead>
    <tr>
      <th><strong>Parameter</strong></th>
      <th><strong>Required</strong></th>
      <th><strong>Description</strong></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><code>allow\_multiple\_enrollments</code></td>
      <td>Optional</td>
      <td>Allows a previously enrolled user to enroll with additional factors, excluding email.</td>
    </tr>

    <tr>
      <td><code>factor</code></td>
      <td>Optional</td>
      <td>Specifies which factor the user must enroll with, excluding email. Used with <code>allow\_multiple\_enrollments</code>, can specify more than one factor for enrollment.</td>
    </tr>
  </tbody>
</table>

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  These parameters can only be used with [Universal Login](/docs/authenticate/login/auth0-universal-login) and cannot be used with Classic Login or custom MFA pages.
</Callout>

Management API returns an enrollment ticket containing a `ticket_id` and a `ticket_url`. The `ticket_id` is for internal use. Deliver the `ticket_url` to the user with the `send_email` parameter to kick off the enrollment process. Tickets expire after 5 days and are single-use. A user who receives a ticket will only be able to enroll once.

Sample response:

```json lines
{
  "ticket_id": "gten_8b2f5e90d2c848dc9230d34f",
  "ticket_url": "https://guardianadnrdoifcmtest0.eu.auth0.com/guardian/enroll?ticket=gten_8b2f5e90d2c848dc9230d34f"
}
```

If you enable [Multiple Custom Domains](/docs/customize/custom-domains/multiple-custom-domains), you need to include the `auth0-custom-domain` HTTP header. To learn more, review [Multiple Custom Domains](/docs/customize/custom-domains/multiple-custom-domains#customize-email-handling-using-the-management-api).

### Custom Enrollment Tickets with Classic Login

If you are using the [Classic Login](/docs/authenticate/login/auth0-universal-login/universal-login-vs-classic-login/classic-experience) experience and need to customize how the page looks when the user navigates to the `ticket_url`, you can edit the MFA page.

1. Navigate to [Dashboard > Branding > Universal Login > Advanced options > Multi-factor Authentication.](https://manage.auth0.com/#/mfa_page)
2. If **Customize MFA Page** is not selected, toggle this option on.
3. Update the `ticket` variable.
   Example:

```liquid lines
{% if ticket %}
<h4 class="message">Welcome, {{ userData.email }}, enroll your device below</h4>
{% else %}
<h4 class="message">Welcome back, {{ userData.email }}, authenticate below</h4>
{% endif %}
```

## Learn more

* [MFA Widget Theme Options](/docs/secure/multi-factor-authentication/customize-mfa/mfa-widget-theme-options)
* [Guardian Error Code Reference](/docs/secure/multi-factor-authentication/multi-factor-authentication-developer-resources/guardian-error-code-reference)
* [Auth0 MFA API](/docs/secure/multi-factor-authentication/multi-factor-authentication-developer-resources/mfa-api)
